[conntrack-tools] check if entries already exist in kernel before injection

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sun Jun 15 02:46:18 CEST 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=5dee97536258d3334b9c0ffeb59ec4ad076dc6c3
commit 5dee97536258d3334b9c0ffeb59ec4ad076dc6c3
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Jun 15 02:33:28 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Jun 15 02:33:28 2008 +0200

    check if entries already exist in kernel before injection
       via  5dee97536258d3334b9c0ffeb59ec4ad076dc6c3 (commit)
      from  2a838790b8a545e95841cb216a7623b3d9560bce (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5dee97536258d3334b9c0ffeb59ec4ad076dc6c3
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Jun 15 02:33:28 2008 +0200

    check if entries already exist in kernel before injection

-----------------------------------------------------------------------

 src/cache_iterators.c |   39 ++++++++++++++++++++++++---------------
 1 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index c26d349..562d9a2 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -91,20 +91,29 @@ static int do_commit(void *data1, void *data2)
 	 */
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, CONFIG(commit_timeout));
 
-	ret = nl_create_conntrack(ct);
-	if (ret == -1) {
-		switch(errno) {
-			case EEXIST:
-				c->commit_exist++;
-				break;
-			default:
-				dlog(LOG_ERR, "commit: %s", strerror(errno));
-				dlog_ct(STATE(log), u->ct, NFCT_O_PLAIN);
-				c->commit_fail++;
-				break;
-		}
-	} else {
-		c->commit_ok++;
+	ret = nl_exist_conntrack(ct);
+	switch (ret) {
+	case -1:
+		dlog(LOG_ERR, "commit-exist: %s", strerror(errno));
+		dlog_ct(STATE(log), ct, NFCT_O_PLAIN);
+		break;
+	case 0:
+		if (nl_create_conntrack(ct) == -1) {
+			dlog(LOG_ERR, "commit-create: %s", strerror(errno));
+			dlog_ct(STATE(log), ct, NFCT_O_PLAIN);
+			c->commit_fail++;
+		} else
+			c->commit_ok++;
+		break;
+	case 1:
+		c->commit_exist++;
+		if (nl_update_conntrack(ct) == -1) {
+			dlog(LOG_ERR, "commit-update: %s", strerror(errno));
+			dlog_ct(STATE(log), ct, NFCT_O_PLAIN);
+			c->commit_fail++;
+		} else
+			c->commit_ok++;
+		break;
 	}
 
 	/* keep iterating even if we have found errors */
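Review bot: The `case -1:` branch for nl_exist_conntrack logs the lookup error but increments none of the counters, so an entry whose existence check fails disappears from the "Committed"/"updated"/"can't be committed" totals that cache_commit prints; add `c->commit_fail++;` after the `dlog_ct()` call there, and give the switch a `default:` that does the same so an unexpected return value is not silently dropped. The existence check and the create/update are separate netlink round-trips, so the kernel table can change in between: nl_create_conntrack can still fail with EEXIST (which the removed code tolerated and counted as commit_exist, but the new `case 0:` now reports as a hard failure) and nl_update_conntrack can fail with ENOENT if the entry timed out meanwhile. Either fall back to the other operation on those errnos — e.g. in `case 0:` `if (errno == EEXIST && nl_update_conntrack(ct) == 0) { c->commit_exist++; c->commit_ok++; break; }` — or keep the old quiet EEXIST handling so a benign race does not spam LOG_ERR. do_commit's signature and its tail start and end outside this hunk.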
@@ -128,7 +137,7 @@ void cache_commit(struct cache *c)
 	dlog(LOG_NOTICE, "Committed %u new entries", commit_ok);
 
 	if (commit_exist)
-		dlog(LOG_NOTICE, "%u entries ignored, "
+		dlog(LOG_NOTICE, "%u entries updated, "
 				 "already exist", commit_exist);
 	if (commit_fail)
 		dlog(LOG_NOTICE, "%u entries can't be "
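Review bot: The new wording "entries updated" is not what commit_exist counts: in do_commit the counter is incremented before nl_update_conntrack runs, so an entry whose update fails is reported both here as updated and below as "can't be committed". Either move the `c->commit_exist++` after a successful update in do_commit, or keep the message honest about what is counted, e.g. `dlog(LOG_NOTICE, "%u entries already existed, update attempted", commit_exist);`. cache_commit's body starts before this hunk.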


