summaryrefslogtreecommitdiffstats
path: root/daemon/src/cache_iterators.c
diff options
context:
space:
mode:
Diffstat (limited to 'daemon/src/cache_iterators.c')
-rw-r--r--daemon/src/cache_iterators.c229
1 files changed, 0 insertions, 229 deletions
diff --git a/daemon/src/cache_iterators.c b/daemon/src/cache_iterators.c
deleted file mode 100644
index 5d5d22b..0000000
--- a/daemon/src/cache_iterators.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * (C) 2006-2007 by Pablo Neira Ayuso <pablo@netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "cache.h"
-#include "jhash.h"
-#include "hash.h"
-#include "conntrackd.h"
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <errno.h>
-#include "us-conntrack.h"
-#include "debug.h"
-
-struct __dump_container {
- int fd;
- int type;
-};
-
-static int do_dump(void *data1, void *data2)
-{
- char buf[1024];
- int size;
- struct __dump_container *container = data1;
- struct us_conntrack *u = data2;
- void *data = u->data;
- int i;
-
- memset(buf, 0, sizeof(buf));
- size = nfct_snprintf(buf,
- sizeof(buf),
- u->ct,
- NFCT_T_UNKNOWN,
- container->type,
- 0);
-
- for (i = 0; i < u->cache->num_features; i++) {
- if (u->cache->features[i]->dump) {
- size += u->cache->features[i]->dump(u,
- data,
- buf+size,
- container->type);
- data += u->cache->features[i]->size;
- }
- }
- size += sprintf(buf+size, "\n");
- if (send(container->fd, buf, size, 0) == -1) {
- if (errno != EPIPE)
- return -1;
- }
-
- return 0;
-}
-
-void cache_dump(struct cache *c, int fd, int type)
-{
- struct __dump_container tmp = {
- .fd = fd,
- .type = type
- };
-
- lock();
- hashtable_iterate(c->h, (void *) &tmp, do_dump);
- unlock();
-}
-
-static int do_commit(void *data1, void *data2)
-{
- int ret;
- struct cache *c = data1;
- struct us_conntrack *u = data2;
- struct nf_conntrack *ct;
- char buf[4096];
- struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
-
- ct = nfct_clone(u->ct);
- if (ct == NULL)
- return 0;
-
- if (nfct_attr_is_set(ct, ATTR_STATUS)) {
- u_int32_t status = nfct_get_attr_u32(ct, ATTR_STATUS);
- status &= ~IPS_EXPECTED;
- nfct_set_attr_u32(ct, ATTR_STATUS, status);
- }
-
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
- nfct_setobjopt(ct, NFCT_SOPT_UNDO_SNAT);
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
- nfct_setobjopt(ct, NFCT_SOPT_UNDO_DNAT);
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT))
- nfct_setobjopt(ct, NFCT_SOPT_UNDO_SPAT);
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT))
- nfct_setobjopt(ct, NFCT_SOPT_UNDO_DPAT);
-
- /*
- * Set a reduced timeout for candidate-to-be-committed
- * conntracks that live in the external cache
- */
- nfct_set_attr_u32(ct, ATTR_TIMEOUT, CONFIG(commit_timeout));
-
- ret = nfct_build_query(STATE(subsys_sync),
- NFCT_Q_CREATE,
- ct,
- nlh,
- sizeof(buf));
-
- free(ct);
-
- if (ret == -1) {
- /* XXX: Please cleanup this debug crap, default in logfile */
- debug("--- failed to build: %s --- \n", strerror(errno));
- return 0;
- }
-
- ret = nfnl_query(STATE(sync), nlh);
- if (ret == -1) {
- switch(errno) {
- case EEXIST:
- c->commit_exist++;
- break;
- default:
- c->commit_fail++;
- break;
- }
- debug("--- failed to commit: %s --- \n", strerror(errno));
- } else {
- c->commit_ok++;
- debug("----- commit -----\n");
- }
-
- /* keep iterating even if we have found errors */
- return 0;
-}
-
-void cache_commit(struct cache *c)
-{
- unsigned int commit_ok = c->commit_ok;
- unsigned int commit_exist = c->commit_exist;
- unsigned int commit_fail = c->commit_fail;
-
- lock();
- hashtable_iterate(c->h, c, do_commit);
- unlock();
-
- /* calculate new entries committed */
- commit_ok = c->commit_ok - commit_ok;
- commit_fail = c->commit_fail - commit_fail;
- commit_exist = c->commit_exist - commit_exist;
-
- /* log results */
- dlog(STATE(log), "Committed %u new entries", commit_ok);
-
- if (commit_exist)
- dlog(STATE(log), "%u entries ignored, "
- "already exist", commit_exist);
- if (commit_fail)
- dlog(STATE(log), "%u entries can't be "
- "committed", commit_fail);
-}
-
-static int do_flush(void *data1, void *data2)
-{
- struct cache *c = data1;
- struct us_conntrack *u = data2;
- void *data = u->data;
- int i;
-
- for (i = 0; i < c->num_features; i++) {
- c->features[i]->destroy(u, data);
- data += c->features[i]->size;
- }
- free(u->ct);
-
- return 0;
-}
-
-void cache_flush(struct cache *c)
-{
- lock();
- hashtable_iterate(c->h, c, do_flush);
- hashtable_flush(c->h);
- c->flush++;
- unlock();
-}
-
-#include "sync.h"
-#include "network.h"
-
-static int do_bulk(void *data1, void *data2)
-{
- int ret;
- struct us_conntrack *u = data2;
- char buf[4096];
- struct nlnetwork *net = (struct nlnetwork *) buf;
-
- ret = build_network_msg(NFCT_Q_UPDATE,
- STATE(subsys_sync),
- u->ct,
- buf,
- sizeof(buf));
- if (ret == -1)
- debug_ct(u->ct, "failed to build");
-
- mcast_send_netmsg(STATE_SYNC(mcast_client), net);
- STATE_SYNC(mcast_sync)->post_send(net, u);
-
- /* keep iterating even if we have found errors */
- return 0;
-}
-
-void cache_bulk(struct cache *c)
-{
- lock();
- hashtable_iterate(c->h, NULL, do_bulk);
- unlock();
-}