[conntrack-tools] conntrackd: remove the cache write-through policy

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sat May 23 20:59:45 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=95c587ae01373ded13d696b155c7f277030a03d3
commit 95c587ae01373ded13d696b155c7f277030a03d3
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat May 23 20:58:55 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat May 23 20:58:55 2009 +0200

    conntrackd: remove the cache write-through policy
    
    This patch removes the cache write-through clause. This feature
    remained undocumented although some have found it by looking at the
    source code. This feature has remained in the tree for quite
    some time although it has several limitations. Moreover, it
    is specifically broken and dangerous for Linux kernels >= 2.6.29
    since it generates loops in the synchronization.
    
    We do this removal first to prepare the introduction of a feature
    to bypass the external cache.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  95c587ae01373ded13d696b155c7f277030a03d3 (commit)
      from  6f5666a29cb7cbff08ce926ee1edb84a311ff6ee (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 95c587ae01373ded13d696b155c7f277030a03d3
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat May 23 20:58:55 2009 +0200

    conntrackd: remove the cache write-through policy
    
    This patch removes the cache write-through clause. This feature
    remained undocumented although some has found it looking at the
    source code. This feature has remained in the tree for quite
    some time although it has several limitations. Moreover, it
    is specifically broken and dangerous for Linux kernels >= 2.6.29
    since it generates loops in the synchronization.
    
    We do this removal first to prepare the introduction of a feature
    to bypass the external cache.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/cache.h      |    4 --
 include/conntrackd.h |    1 -
 src/Makefile.am      |    2 +-
 src/cache.c          |    1 -
 src/cache_wt.c       |   79 --------------------------------------------------
 src/read_config_yy.y |    6 ++-
 src/sync-mode.c      |    4 --
 7 files changed, 5 insertions(+), 92 deletions(-)
 delete mode 100644 src/cache_wt.c
This patch removes the cache write-through clause. This feature
remained undocumented although some has found it looking at the
source code. This feature has remained in the tree for quite
some time although it has several limitations. Moreover, it
is specifically broken and dangerous for Linux kernels >= 2.6.29
since it generates loops in the synchronization.

We do this removal first to prepare the introduction of a feature
to bypass the external cache.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/cache.h b/include/cache.h
index b6facdc..5df7aa9 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -12,9 +12,6 @@ enum {
 	TIMER_FEATURE = 0,
 	TIMER = (1 << TIMER_FEATURE),
 
-	WRITE_THROUGH_FEATURE = 1,
-	WRITE_THROUGH = (1 << WRITE_THROUGH_FEATURE),
-
 	__CACHE_MAX_FEATURE
 };
 #define CACHE_MAX_FEATURE __CACHE_MAX_FEATURE
@@ -48,7 +45,6 @@ struct cache_feature {
 
 extern struct cache_feature lifetime_feature;
 extern struct cache_feature timer_feature;
-extern struct cache_feature writethrough_feature;
 
 #define CACHE_MAX_NAMELEN 32
 
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 81cfd51..5a9e385 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -91,7 +91,6 @@ struct ct_conf {
 	unsigned int resend_queue_size; /* FTFW protocol */
 	unsigned int window_size;
 	int poll_kernel_secs;
-	int cache_write_through;
 	int filter_from_kernelspace;
 	int event_iterations_limit;
 	struct {
diff --git a/src/Makefile.am b/src/Makefile.am
index c338fee..1c8b34f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -14,7 +14,7 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \
 		    local.c log.c mcast.c udp.c netlink.c vector.c \
 		    filter.c fds.c event.c process.c origin.c \
 		    cache.c cache_iterators.c \
-		    cache_timer.c cache_wt.c \
+		    cache_timer.c \
 		    sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \
 		    traffic_stats.c stats-mode.c \
 		    network.c cidr.c \
diff --git a/src/cache.c b/src/cache.c
index 318b8ec..e4a024b 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -95,7 +95,6 @@ static int compare(const void *data1, const void *data2)
 
 struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = {
 	[TIMER_FEATURE]		= &timer_feature,
-	[WRITE_THROUGH_FEATURE] = &writethrough_feature,
 };
 
 struct cache *cache_create(const char *name, 
diff --git a/src/cache_wt.c b/src/cache_wt.c
deleted file mode 100644
index 34fe82e..0000000
--- a/src/cache_wt.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * (C) 2007 by Pablo Neira Ayuso <pablo at netfilter.org>
- * 
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "conntrackd.h"
-#include "cache.h"
-#include "netlink.h"
-#include "log.h"
-
-#include <string.h>
-#include <errno.h>
-
-static void add_wt(struct cache_object *obj)
-{
-	int ret;
-
-	ret = nl_get_conntrack(STATE(request), obj->ct);
-	switch (ret) {
-	case -1:
-		dlog(LOG_ERR, "cache_wt problem: %s", strerror(errno));
-		dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
-		break;
-	case 0:
-		if (nl_create_conntrack(STATE(dump), obj->ct, 0) == -1) {
-			dlog(LOG_ERR, "cache_wt create: %s", strerror(errno));
-			dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
-		}
-		break;
-	case 1:
-		if (nl_update_conntrack(STATE(dump), obj->ct, 0) == -1) {
-			dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno));
-			dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
-		}
-		break;
-	}
-}
-
-static void upd_wt(struct cache_object *obj)
-{
-	if (nl_update_conntrack(STATE(dump), obj->ct, 0) == -1) {
-		dlog(LOG_ERR, "cache_wt update:%s", strerror(errno));
-		dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
-	}
-}
-
-static void writethrough_add(struct cache_object *obj, void *data)
-{
-	add_wt(obj);
-}
-
-static void writethrough_update(struct cache_object *obj, void *data)
-{
-	upd_wt(obj);
-}
-
-static void writethrough_destroy(struct cache_object *obj, void *data)
-{
-	nl_destroy_conntrack(STATE(dump), obj->ct);
-}
-
-struct cache_feature writethrough_feature = {
-	.add		= writethrough_add,
-	.update		= writethrough_update,
-	.destroy	= writethrough_destroy,
-};
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 56fd2f8..cab7799 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -842,12 +842,14 @@ tcp_state: T_LISTEN
 
 cache_writethrough: T_WRITE_THROUGH T_ON
 {
-	conf.cache_write_through = 1;
+	print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, "
+				"ignoring");
 };
 
 cache_writethrough: T_WRITE_THROUGH T_OFF
 {
-	conf.cache_write_through = 0;
+	print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, "
+				"ignoring");
 };
 
 general: T_GENERAL '{' general_list '}';
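Review bot: The `T_ON` and `T_OFF` actions now print the same "obsolete, ignoring" warning, but only the `On` case changes behaviour for an operator. Going by the block removed from init_sync() in src/sync-mode.c, a setup with `CacheWriteThrough On` had external-cache entries committed straight to kernel space, and after this change it no longer does, which matters for failover on a stateful firewall pair. I would make the `T_ON` message say so, for example `print_err(CTD_CFG_WARN, "`CacheWriteThrough On' is no longer supported, external cache entries are not written to the kernel");`, and keep the shorter text for `T_OFF`. Whether a `CTD_CFG_WARN` message reaches the daemon log or only stderr is not visible here, so it is worth confirming that the operator will actually see it. A one-line comment above the two rules, such as `/* kept only so that existing configuration files still parse */`, would also explain why the clause survives the removal.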
diff --git a/src/sync-mode.c b/src/sync-mode.c
index a0ba830..699a585 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -274,10 +274,6 @@ static int init_sync(void)
 		return -1;
 	}
 
-	/* straight forward commit of conntrack to kernel space */
-	if (CONFIG(cache_write_through))
-		STATE_SYNC(sync)->external_cache_flags |= WRITE_THROUGH;
-
 	STATE_SYNC(external) = 
 		cache_create("external",
 			     STATE_SYNC(sync)->external_cache_flags,


