[conntrack-tools] conntrackd: add support state-replication based on TCP

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Sep 1 10:11:43 CEST 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=cf3be894fcb95adb360425c8482954522e9110d2
commit cf3be894fcb95adb360425c8482954522e9110d2
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Aug 23 12:11:20 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Aug 23 12:11:20 2009 +0200

    conntrackd: add support state-replication based on TCP
    
    This patch adds support for TCP as protocol to replicate
    state-changes between two daemons. Note that this only
    makes sense with the notrack mode.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 9d99a7699d7021a1c219d6553e037ac7ba4a5a37
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Aug 21 16:06:11 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Aug 21 16:06:11 2009 +0200

    conntrackd: allow to remove file descriptors from set
    
    With this patch, we can remove file descriptors dinamically
    from our own file descriptor pool.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 58411110894c0a9e6a1a1ec9dbdf2fbe2ef3da00
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Aug 21 16:06:08 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Aug 21 16:06:08 2009 +0200

    conntrackd: reduce the number of gettimeofday() syscalls
    
    This patch reduces the number of gettimeofday syscalls by caching
    the current time in a variable at the beginning of the main loop.
    Based on a suggestion from Vincent Jardin.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  cf3be894fcb95adb360425c8482954522e9110d2 (commit)
       via  9d99a7699d7021a1c219d6553e037ac7ba4a5a37 (commit)
       via  58411110894c0a9e6a1a1ec9dbdf2fbe2ef3da00 (commit)
      from  3e6852f806c4368eda451b39f12b2ac2f2b5d33b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cf3be894fcb95adb360425c8482954522e9110d2
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Aug 23 12:11:20 2009 +0200

    conntrackd: add support state-replication based on TCP
    
    This patch adds support for TCP as protocol to replicate
    state-changes between two daemons. Note that this only
    makes sense with the notrack mode.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 9d99a7699d7021a1c219d6553e037ac7ba4a5a37
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Aug 21 16:06:11 2009 +0200

    conntrackd: allow to remove file descriptors from set
    
    With this patch, we can remove file descriptors dinamically
    from our own file descriptor pool.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 58411110894c0a9e6a1a1ec9dbdf2fbe2ef3da00
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Aug 21 16:06:08 2009 +0200

    conntrackd: reduce the number of gettimeofday() syscalls
    
    This patch reduces the number of gettimeofday syscalls by caching
    the current time in a variable at the beginning of the main loop.
    Based on a suggestion from Vincent Jardin.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 doc/sync/notrack/conntrackd.conf |    3 +-
 include/Makefile.am              |    4 +-
 include/cache.h                  |    1 +
 include/channel.h                |   18 ++-
 include/date.h                   |   10 +
 include/fds.h                    |    9 +
 include/mcast.h                  |    1 +
 include/tcp.h                    |   75 +++++++
 include/udp.h                    |    1 +
 src/Makefile.am                  |    3 +-
 src/alarm.c                      |    7 +-
 src/cache.c                      |    4 +-
 src/channel.c                    |   17 ++
 src/channel_mcast.c              |   15 ++
 src/channel_tcp.c                |  149 +++++++++++++
 src/channel_udp.c                |   15 ++
 src/date.c                       |   28 +++
 src/fds.c                        |   46 ++++
 src/mcast.c                      |    5 +
 src/read_config_lex.l            |    1 +
 src/read_config_yy.y             |  158 ++++++++++++++-
 src/run.c                        |    3 +
 src/sync-mode.c                  |   65 +++++--
 src/tcp.c                        |  440 ++++++++++++++++++++++++++++++++++++++
 src/udp.c                        |    5 +
 25 files changed, 1059 insertions(+), 24 deletions(-)
 create mode 100644 include/date.h
 create mode 100644 include/tcp.h
 create mode 100644 src/channel_tcp.c
 create mode 100644 src/date.c
 create mode 100644 src/tcp.c
This patch reduces the number of gettimeofday syscalls by caching
the current time in a variable at the beginning of the main loop.
Based on a suggestion from Vincent Jardin.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/Makefile.am b/include/Makefile.am
index 0fa76af..844c5b8 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -4,5 +4,5 @@ noinst_HEADERS = alarm.h jhash.h cache.h linux_list.h linux_rbtree.h \
 		 debug.h log.h hash.h mcast.h conntrack.h \
 		 network.h filter.h queue.h vector.h cidr.h \
 		 traffic_stats.h netlink.h fds.h event.h bitops.h channel.h \
-		 process.h origin.h external.h
+		 process.h origin.h external.h date.h
 
diff --git a/include/cache.h b/include/cache.h
index 7e61085..28917f2 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -4,6 +4,7 @@
 #include <stdint.h>
 #include <stddef.h>
 #include "hash.h"
+#include "date.h"
 
 /* cache features */
 enum {
diff --git a/include/date.h b/include/date.h
new file mode 100644
index 0000000..296b996
--- /dev/null
+++ b/include/date.h
@@ -0,0 +1,10 @@
+#ifndef _DATE_H_
+#define _DATE_H_
+
+#include <sys/time.h>
+
+int do_gettimeofday(void);
+void gettimeofday_cached(struct timeval *tv);
+int time_cached(void);
+
+#endif
diff --git a/src/Makefile.am b/src/Makefile.am
index 753c809..e969f4d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,7 +12,7 @@ conntrack_LDFLAGS = $(all_libraries) @LIBNETFILTER_CONNTRACK_LIBS@
 
 conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \
 		    local.c log.c mcast.c udp.c netlink.c vector.c \
-		    filter.c fds.c event.c process.c origin.c \
+		    filter.c fds.c event.c process.c origin.c date.c \
 		    cache.c cache_iterators.c \
 		    cache_timer.c \
 		    sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \
diff --git a/src/alarm.c b/src/alarm.c
index fe938a0..006721a 100644
--- a/src/alarm.c
+++ b/src/alarm.c
@@ -17,6 +17,7 @@
  */
 
 #include "alarm.h"
+#include "date.h"
 #include <stdlib.h>
 #include <limits.h>
 
@@ -61,7 +62,7 @@ void add_alarm(struct alarm_block *alarm, unsigned long sc, unsigned long usc)
 	del_alarm(alarm);
 	alarm->tv.tv_sec = sc;
 	alarm->tv.tv_usec = usc;
-	gettimeofday(&tv, NULL);
+	gettimeofday_cached(&tv);
 	timeradd(&alarm->tv, &tv, &alarm->tv);
 	__add_alarm(alarm);
 }
@@ -107,7 +108,7 @@ get_next_alarm_run(struct timeval *next_run)
 	struct rb_node *node;
 	struct timeval tv;
 
-	gettimeofday(&tv, NULL);
+	gettimeofday_cached(&tv);
 
 	node = rb_first(&alarm_root);
 	if (node) {
@@ -126,7 +127,7 @@ do_alarm_run(struct timeval *next_run)
 	struct alarm_block *this, *tmp;
 	struct timeval tv;
 
-	gettimeofday(&tv, NULL);
+	gettimeofday_cached(&tv);
 
 	INIT_LIST_HEAD(&alarm_run_queue);
 	for (node = rb_first(&alarm_root); node; node = rb_next(node)) {
diff --git a/src/cache.c b/src/cache.c
index ccdce86..74c5c4b 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -250,7 +250,7 @@ static int __add(struct cache *c, struct cache_object *obj, int id)
 		c->extra->add(obj, ((char *) obj) + c->extra_offset);
 
 	c->stats.active++;
-	obj->lifetime = obj->lastupdate = time(NULL);
+	obj->lifetime = obj->lastupdate = time_cached();
 	obj->status = C_OBJ_NEW;
 	obj->refcnt++;
 	return 0;
@@ -288,7 +288,7 @@ void cache_update(struct cache *c, struct cache_object *obj, int id,
 		c->extra->update(obj, ((char *) obj) + c->extra_offset);
 
 	c->stats.upd_ok++;
-	obj->lastupdate = time(NULL);
+	obj->lastupdate = time_cached();
 	obj->status = C_OBJ_ALIVE;
 }
 
diff --git a/src/date.c b/src/date.c
new file mode 100644
index 0000000..f5a5ada
--- /dev/null
+++ b/src/date.c
@@ -0,0 +1,28 @@
+/*
+ * (C) 2009 by Pablo Neira Ayuso <pablo at netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+#include "date.h"
+#include <stdlib.h>
+#include <string.h>
+
+static struct timeval now;
+
+int do_gettimeofday(void)
+{
+	return gettimeofday(&now, NULL);
+}
+
+void gettimeofday_cached(struct timeval *tv)
+{
+	memcpy(tv, &now, sizeof(struct timeval));
+}
+
+int time_cached(void)
+{
+	return now.tv_sec;
+}
diff --git a/src/run.c b/src/run.c
index 8a15e14..54ab1a5 100644
--- a/src/run.c
+++ b/src/run.c
@@ -27,6 +27,7 @@
 #include "traffic_stats.h"
 #include "process.h"
 #include "origin.h"
+#include "date.h"
 
 #include <errno.h>
 #include <signal.h>
@@ -545,6 +546,8 @@ run(void)
 	struct timeval *next = NULL;
 
 	while(1) {
+		do_gettimeofday();
+
 		sigprocmask(SIG_BLOCK, &STATE(block), NULL);
 		if (next != NULL && !timerisset(next))
 			next = do_alarm_run(&next_alarm);

More information about the netfilter-cvslog mailing list