path: root/include
diff options
authorPablo Neira Ayuso <>2009-07-19 15:28:34 +0200
committerPablo Neira Ayuso <>2009-07-19 15:28:34 +0200
commit651794575c844fe25a717d77bd088c51383067f0 (patch)
treed4dd79f189ebdb933266d354aa66f42b7571f4b4 /include
parenta1d03b775376aa8545ec9a0e89381b659e4d28ed (diff)
conntrackd: rework commit not to fork a child process
This patch reworks the commit phase to avoid the forking. This is particularly useful in active-active setups in which one node has to commit the external cache while it is receiving new entries to be added in the external cache. This results in really high commit times due to the penalty of the copy-on-write that fork performs. The default number of steps in one run loop is limited to 64 by now. No option to tune this parameter is still available via the configuration file. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include')
2 files changed, 21 insertions, 3 deletions
diff --git a/include/cache.h b/include/cache.h
index 109e6aa..7e61085 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -120,7 +120,7 @@ void cache_iterate_limit(struct cache *c, void *data, uint32_t from, uint32_t st
struct nfct_handle;
void cache_dump(struct cache *c, int fd, int type);
-void cache_commit(struct cache *c, struct nfct_handle *h);
+void cache_commit(struct cache *c, struct nfct_handle *h, int clientfd);
void cache_flush(struct cache *c);
void cache_bulk(struct cache *c);
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 417bac6..12fd17f 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -96,6 +96,9 @@ struct ct_conf {
int filter_from_kernelspace;
int event_iterations_limit;
struct {
+ int commit_steps;
+ } general;
+ struct {
int type;
int prio;
} sched;
@@ -168,12 +171,27 @@ struct ct_sync_state {
struct cache *internal; /* internal events cache (netlink) */
struct cache *external; /* external events cache (mcast) */
- struct nfct_handle *commit;
struct multichannel *channel;
struct nlif_handle *interface;
struct queue *tx_queue;
+ struct {
+ int state;
+ int clientfd;
+ struct nfct_handle *h;
+ struct evfd *evfd;
+ int current;
+ struct {
+ int ok;
+ int fail;
+ struct timeval start;
+ } stats;
+ } commit;
struct alarm_block reset_cache_alarm;
struct sync_mode *sync; /* sync mode */