[conntrack-tools] conntrackd: detect where the events comes from

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sat May 23 12:57:25 CEST 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=ef047d03613bf9fa105db009773136817e2ec4c6
commit ef047d03613bf9fa105db009773136817e2ec4c6
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat May 23 12:54:51 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat May 23 12:54:51 2009 +0200

    conntrackd: detect where the events comes from
    
    Since Linux kernel 2.6.29, ctnetlink reports the changes that have
    been done using ctnetlink. With this patch, conntrackd can recognize
    who is the origin of the event messages. For example, this is
    interesting to avoid a messy implicit bulk send during the commit
    of entries.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0374398fd14bf587d80d9d31e361e266e69387c8
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat May 23 12:09:06 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat May 23 12:09:06 2009 +0200

    conntrackd: add child process infrastructure
    
    This patch adds a simple infrastructure that allows to account
    the child processes that have been forked. This also includes
    a callback handler that can be registered that is called once
    the child process finishes.
    
    We can extended this later to include an alarm to limit the
    maximum lifetime of a forked child process. This is good to
    ensure that child processes behave timely.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  ef047d03613bf9fa105db009773136817e2ec4c6 (commit)
       via  0374398fd14bf587d80d9d31e361e266e69387c8 (commit)
      from  91bf01ee31b754bb17f612ee13685ef0ffe9baa8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ef047d03613bf9fa105db009773136817e2ec4c6
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat May 23 12:54:51 2009 +0200

    conntrackd: detect where the events comes from
    
    Since Linux kernel 2.6.29, ctnetlink reports the changes that have
    been done using ctnetlink. With this patch, conntrackd can recognize
    who is the origin of the event messages. For example, this is
    interesting to avoid a messy implicit bulk send during the commit
    of entries.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0374398fd14bf587d80d9d31e361e266e69387c8
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat May 23 12:09:06 2009 +0200

    conntrackd: add child process infrastructure
    
    This patch adds a simple infrastructure that allows to account
    the child processes that have been forked. This also includes
    a callback handler that can be registered that is called once
    the child process finishes.
    
    We can extended this later to include an alarm to limit the
    maximum lifetime of a forked child process. This is good to
    ensure that child processes behave timely.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/Makefile.am      |    3 +-
 include/cache.h          |    4 ++-
 include/conntrackd.h     |    6 ++--
 include/origin.h         |   14 +++++++++
 include/process.h        |   14 +++++++++
 src/Makefile.am          |    2 +-
 src/cache_iterators.c    |   15 +++------
 src/origin.c             |   70 ++++++++++++++++++++++++++++++++++++++++++++++
 src/{fds.c => process.c} |   49 +++++++++++++++++++-------------
 src/run.c                |   22 ++++++++++----
 src/stats-mode.c         |    9 ++++--
 src/sync-mode.c          |   60 +++++++++++++++++++++++++++++++--------
 12 files changed, 210 insertions(+), 58 deletions(-)
 create mode 100644 include/origin.h
 create mode 100644 include/process.h
 create mode 100644 src/origin.c
 copy src/{fds.c => process.c} (53%)
This patch adds a simple infrastructure that allows to account
the child processes that have been forked. This also includes
a callback handler that can be registered that is called once
the child process finishes.

We can extended this later to include an alarm to limit the
maximum lifetime of a forked child process. This is good to
ensure that child processes behave timely.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/Makefile.am b/include/Makefile.am
index f02ce89..0ea056c 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -3,5 +3,6 @@ noinst_HEADERS = alarm.h jhash.h cache.h linux_list.h linux_rbtree.h \
 		 sync.h conntrackd.h local.h udp.h \
 		 debug.h log.h hash.h mcast.h conntrack.h \
 		 network.h filter.h queue.h vector.h cidr.h \
-		 traffic_stats.h netlink.h fds.h event.h bitops.h channel.h
+		 traffic_stats.h netlink.h fds.h event.h bitops.h channel.h \
+		 process.h
 
diff --git a/include/process.h b/include/process.h
new file mode 100644
index 0000000..a7f07ea
--- /dev/null
+++ b/include/process.h
@@ -0,0 +1,14 @@
+#ifndef _PROCESS_H_
+#define _PROCESS_H_
+
+struct child_process {
+	struct list_head	head;
+	int			pid;
+	void			(*cb)(void *data);
+	void			*data;
+};
+
+int fork_process_new(void (*cb)(void *data), void *data);
+int fork_process_delete(int pid);
+
+#endif
diff --git a/src/Makefile.am b/src/Makefile.am
index 8a45bf9..decc545 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,7 +12,7 @@ conntrack_LDFLAGS = $(all_libraries) @LIBNETFILTER_CONNTRACK_LIBS@
 
 conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \
 		    local.c log.c mcast.c udp.c netlink.c vector.c \
-		    filter.c fds.c event.c \
+		    filter.c fds.c event.c process.c \
 		    cache.c cache_iterators.c \
 		    cache_timer.c cache_wt.c \
 		    sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \
diff --git a/src/process.c b/src/process.c
new file mode 100644
index 0000000..a89f388
--- /dev/null
+++ b/src/process.c
@@ -0,0 +1,55 @@
+/*
+ * (C) 2009 by Pablo Neira Ayuso <pablo at netfilter.org>
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "conntrackd.h"
+#include "process.h"
+
+static LIST_HEAD(process_list);
+
+int fork_process_new(void (*cb)(void *data), void *data)
+{
+	struct child_process *c;
+
+	c = calloc(sizeof(struct child_process), 1);
+	if (c == NULL)
+		return -1;
+
+	c->cb = cb;
+	c->data = data;
+
+	list_add(&c->head, &process_list);
+
+	return fork();
+}
+
+int fork_process_delete(int pid)
+{
+	struct child_process *this, *tmp;
+
+	list_for_each_entry_safe(this, tmp, &process_list, head) {
+		if (this->pid == pid) {
+			list_del(&this->head);
+			if (this->cb) {
+				this->cb(this->data);
+			}
+			free(this);
+			return 1;
+		}
+	}
+	return 0;
+}
diff --git a/src/run.c b/src/run.c
index 6465699..09e2ae9 100644
--- a/src/run.c
+++ b/src/run.c
@@ -25,6 +25,7 @@
 #include "alarm.h"
 #include "fds.h"
 #include "traffic_stats.h"
+#include "process.h"
 
 #include <errno.h>
 #include <signal.h>
@@ -77,6 +78,9 @@ static void child(int foo)
 			STATE(stats).wait_failed++;
 			break;
 		}
+		/* delete process from list and run the callback */
+		fork_process_delete(ret);
+
 		if (!WIFSIGNALED(status))
 			continue;
 
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 298fcd2..0d35923 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -26,6 +26,7 @@
 #include "fds.h"
 #include "event.h"
 #include "queue.h"
+#include "process.h"
 
 #include <errno.h>
 #include <unistd.h>
@@ -391,28 +392,28 @@ static int local_handler_sync(int fd, int type, void *data)
 
 	switch(type) {
 	case DUMP_INTERNAL:
-		ret = fork();
+		ret = fork_process_new(NULL, NULL);
 		if (ret == 0) {
 			cache_dump(STATE_SYNC(internal), fd, NFCT_O_PLAIN);
 			exit(EXIT_SUCCESS);
 		}
 		break;
 	case DUMP_EXTERNAL:
-		ret = fork();
+		ret = fork_process_new(NULL, NULL);
 		if (ret == 0) {
 			cache_dump(STATE_SYNC(external), fd, NFCT_O_PLAIN);
 			exit(EXIT_SUCCESS);
 		} 
 		break;
 	case DUMP_INT_XML:
-		ret = fork();
+		ret = fork_process_new(NULL, NULL);
 		if (ret == 0) {
 			cache_dump(STATE_SYNC(internal), fd, NFCT_O_XML);
 			exit(EXIT_SUCCESS);
 		}
 		break;
 	case DUMP_EXT_XML:
-		ret = fork();
+		ret = fork_process_new(NULL, NULL);
 		if (ret == 0) {
 			cache_dump(STATE_SYNC(external), fd, NFCT_O_XML);
 			exit(EXIT_SUCCESS);
@@ -421,7 +422,7 @@ static int local_handler_sync(int fd, int type, void *data)
 	case COMMIT:
 		/* delete the reset alarm if any before committing */
 		del_alarm(&STATE_SYNC(reset_cache_alarm));
-		ret = fork();
+		ret = fork_process_new(NULL, NULL);
 		if (ret == 0) {
 			dlog(LOG_NOTICE, "committing external cache");
 			cache_commit(STATE_SYNC(external));

More information about the netfilter-cvslog mailing list