Diffstat (limited to 'include')
-rw-r--r--include/cache.h4
-rw-r--r--include/conntrackd.h19
-rw-r--r--include/external.h11
-rw-r--r--include/filter.h7
-rw-r--r--include/internal.h17
-rw-r--r--include/log.h2
-rw-r--r--include/netlink.h7
-rw-r--r--include/network.h40
8 files changed, 105 insertions, 2 deletions
diff --git a/include/cache.h b/include/cache.h
index abebb97..3af2741 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -52,6 +52,7 @@ extern struct cache_feature timer_feature;
enum cache_type {
CACHE_T_NONE = 0,
CACHE_T_CT,
+ CACHE_T_EXP,
CACHE_T_MAX
};
@@ -128,6 +129,9 @@ struct cache_ops {
extern struct cache_ops cache_sync_internal_ct_ops;
extern struct cache_ops cache_sync_external_ct_ops;
extern struct cache_ops cache_stats_ct_ops;
+/* templates to configure expectation caching. */
+extern struct cache_ops cache_sync_internal_exp_ops;
+extern struct cache_ops cache_sync_external_exp_ops;
struct nf_conntrack;
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 697d3d7..8baa088 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -37,6 +37,16 @@
#define CT_FLUSH_EXT_CACHE 34 /* flush external cache */
#define STATS_PROCESS 35 /* child process stats */
#define STATS_QUEUE 36 /* queue stats */
+#define EXP_STATS 37 /* dump statistics */
+#define EXP_FLUSH_MASTER 38 /* flush kernel expect table */
+#define EXP_RESYNC_MASTER 39 /* resync with kernel exp table */
+#define EXP_DUMP_INTERNAL 40 /* dump internal expect cache */
+#define EXP_DUMP_EXTERNAL 41 /* dump external expect cache */
+#define EXP_COMMIT 42 /* commit expectations */
+#define ALL_FLUSH_MASTER 43 /* flush all kernel tables */
+#define ALL_RESYNC_MASTER 44 /* resync w/all kernel tables */
+#define ALL_FLUSH_CACHE 45 /* flush all caches */
+#define ALL_COMMIT 46 /* commit all tables */
#define DEFAULT_CONFIGFILE "/etc/conntrackd/conntrackd.conf"
#define DEFAULT_LOCKFILE "/var/lock/conntrackd.lock"
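Review bot: The comment on the first added line, `#define EXP_STATS 37 /* dump statistics */`, does not say whose statistics, so it reads the same as the pre-existing `STATS_*` requests a few lines up; `/* dump expectation statistics */` would disambiguate it. The other nine new request codes are self-describing. Whatever dispatches these codes off the control socket is outside this hunk, so I cannot tell here whether a code outside the defined range is rejected.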
@@ -56,6 +66,7 @@
#define CTD_SYNC_ALARM (1UL << 3)
#define CTD_SYNC_NOTRACK (1UL << 4)
#define CTD_POLL (1UL << 5)
+#define CTD_EXPECT (1UL << 6)
/* FILENAME_MAX is 4096 on my system, perhaps too much? */
#ifndef FILENAME_MAXLEN
@@ -105,6 +116,8 @@ struct ct_conf {
int tcp_window_tracking;
} sync;
struct {
+ int subsys_id;
+ int groups;
int events_reliable;
} netlink;
struct {
@@ -130,6 +143,7 @@ struct ct_general_state {
struct local_server local;
struct ct_mode *mode;
struct ct_filter *us_filter;
+ struct exp_filter *exp_filter;
struct nfct_handle *event; /* event handler */
struct nfct_filter *filter; /* event filter */
@@ -177,6 +191,10 @@ struct ct_general_state {
} stats;
};
+struct commit_runqueue {
+ int (*cb)(struct nfct_handle *h, int step);
+};
+
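Review bot: `struct commit_runqueue` carries no comment on what `step` counts or what the return value of `cb` signals, and nothing else in this header defines either, so a reader has to locate the runqueue driver elsewhere. I would add above the struct a two-line comment stating that `cb` is invoked with an increasing step index and what a non-zero return means (presumably "more work pending for a later step", but the driver is not in this diff — confirm). The `rq[2]` array that uses it appears in a later hunk of this file with no note on which index is which table.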
#define STATE_SYNC(x) state.sync->x
struct ct_sync_state {
@@ -196,6 +214,7 @@ struct ct_sync_state {
struct nfct_handle *h;
struct evfd *evfd;
int current;
+ struct commit_runqueue rq[2];
struct {
int ok;
int fail;
diff --git a/include/external.h b/include/external.h
index eef0e42..70f0c5c 100644
--- a/include/external.h
+++ b/include/external.h
@@ -18,6 +18,17 @@ struct external_handler {
void (*stats)(int fd);
void (*stats_ext)(int fd);
} ct;
+ struct {
+ void (*new)(struct nf_expect *exp);
+ void (*upd)(struct nf_expect *exp);
+ void (*del)(struct nf_expect *exp);
+
+ void (*dump)(int fd, int type);
+ void (*flush)(void);
+ int (*commit)(struct nfct_handle *h, int fd);
+ void (*stats)(int fd);
+ void (*stats_ext)(int fd);
+ } exp;
};
extern struct external_handler external_cache;
diff --git a/include/filter.h b/include/filter.h
index f19b18b..3c7c8cc 100644
--- a/include/filter.h
+++ b/include/filter.h
@@ -52,4 +52,11 @@ void ct_filter_set_logic(struct ct_filter *f,
enum ct_filter_logic logic);
int ct_filter_conntrack(const struct nf_conntrack *ct, int userspace);
+struct exp_filter;
+struct nf_expect;
+
+struct exp_filter *exp_filter_create(void);
+int exp_filter_add(struct exp_filter *f, const char *helper_name);
+int exp_filter_find(struct exp_filter *f, const struct nf_expect *exp);
+
#endif
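Review bot: The three new prototypes state neither their return conventions nor ownership: whether `exp_filter_add` copies `helper_name` or keeps the caller's pointer, and whether `exp_filter_find` returns 1 on match and 0 otherwise or a negative error. Since this filter decides which kernel expectations are replicated to peers, misreading `exp_filter_find`'s result silently inverts the policy. Suggest `/* helper_name is copied; returns 0 on success, -1 on error */` above `exp_filter_add` and `/* returns 1 if exp's helper is configured, 0 otherwise */` above `exp_filter_find`, adjusted to whatever the implementation actually does.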
diff --git a/include/internal.h b/include/internal.h
index f50eb79..2ba9714 100644
--- a/include/internal.h
+++ b/include/internal.h
@@ -34,6 +34,23 @@ struct internal_handler {
void (*stats)(int fd);
void (*stats_ext)(int fd);
} ct;
+ struct {
+ void *data;
+
+ void (*new)(struct nf_expect *exp, int origin_type);
+ void (*upd)(struct nf_expect *exp, int origin_type);
+ int (*del)(struct nf_expect *exp, int origin_type);
+
+ void (*dump)(int fd, int type);
+ void (*populate)(struct nf_expect *exp);
+ void (*purge)(void);
+ int (*resync)(enum nf_conntrack_msg_type type,
+ struct nf_expect *exp, void *data);
+ void (*flush)(void);
+
+ void (*stats)(int fd);
+ void (*stats_ext)(int fd);
+ } exp;
};
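Review bot: In the new `exp` handler table `del` returns `int` while `new` and `upd` return `void`, and the header does not say what a non-zero return from `del` means; `resync` likewise returns `int` and takes its own `void *data`, distinct from the table's `data` member, with no comment on how the two relate. A one-line comment on `del` and `resync` (e.g. `/* del: returns 1 if the entry was cached and removed, 0 otherwise */`) would save the next reader a trip into the cache implementation — confirm the actual convention there. If the `ct` table above, cut by this hunk, follows the same convention, one comment covering both would do.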
extern struct internal_handler internal_cache;
diff --git a/include/log.h b/include/log.h
index f5c5b4f..ae58e79 100644
--- a/include/log.h
+++ b/include/log.h
@@ -4,10 +4,12 @@
#include <stdio.h>
struct nf_conntrack;
+struct nf_expect;
int init_log(void);
void dlog(int priority, const char *format, ...);
void dlog_ct(FILE *fd, struct nf_conntrack *ct, unsigned int type);
+void dlog_exp(FILE *fd, struct nf_expect *exp, unsigned int type);
void close_log(void);
#endif
diff --git a/include/netlink.h b/include/netlink.h
index 0df0cbb..3bde30c 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -30,4 +30,11 @@ static inline int ct_is_related(const struct nf_conntrack *ct)
nfct_attr_is_set(ct, ATTR_MASTER_PORT_DST));
}
+int nl_create_expect(struct nfct_handle *h, const struct nf_expect *orig, int timeout);
+int nl_destroy_expect(struct nfct_handle *h, const struct nf_expect *exp);
+int nl_get_expect(struct nfct_handle *h, const struct nf_expect *exp);
+int nl_dump_expect_table(struct nfct_handle *h);
+int nl_flush_expect_table(struct nfct_handle *h);
+int nl_send_expect_resync(struct nfct_handle *h);
+
#endif
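Review bot: `nl_create_expect` takes `int timeout`, but the only expectation timeout this patch defines on the wire, `NTA_EXP_TIMEOUT` in network.h of this same diff, is annotated `uint32_t`; if a received value is passed straight through, anything above `INT_MAX` turns negative before it reaches the kernel attribute. Either widen the parameter to `uint32_t timeout`, or state in a comment that callers clamp the value first. `const` on `orig` implies the function works on a copy of the expectation rather than modifying the caller's struct; a short comment saying so would make the `orig` naming clear.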
diff --git a/include/network.h b/include/network.h
index d0531b9..ab95499 100644
--- a/include/network.h
+++ b/include/network.h
@@ -4,9 +4,10 @@
#include <stdint.h>
#include <sys/types.h>
-#define CONNTRACKD_PROTOCOL_VERSION 0
+#define CONNTRACKD_PROTOCOL_VERSION 1
struct nf_conntrack;
+struct nf_expect;
struct nethdr {
#if __BYTE_ORDER == __LITTLE_ENDIAN
@@ -28,7 +29,10 @@ enum nethdr_type {
NET_T_STATE_CT_NEW = 0,
NET_T_STATE_CT_UPD,
NET_T_STATE_CT_DEL,
- NET_T_STATE_MAX = NET_T_STATE_CT_DEL,
+ NET_T_STATE_EXP_NEW = 3,
+ NET_T_STATE_EXP_UPD,
+ NET_T_STATE_EXP_DEL,
+ NET_T_STATE_MAX = NET_T_STATE_EXP_DEL,
NET_T_CTL = 10,
};
@@ -92,6 +96,17 @@ enum {
__hdr; \
})
+#define BUILD_NETMSG_FROM_EXP(exp, query) \
+({ \
+ static char __net[4096]; \
+ struct nethdr *__hdr = (struct nethdr *) __net; \
+ memset(__hdr, 0, NETHDR_SIZ); \
+ nethdr_set(__hdr, query); \
+ exp2msg(exp, __hdr); \
+ HDR_HOST2NETWORK(__hdr); \
+ __hdr; \
+})
+
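Review bot: `BUILD_NETMSG_FROM_EXP` hands `exp2msg` a fixed 4096-byte buffer but no capacity, so the macro is only safe because the serialized expectation (three tuples plus timeout and flags, per the attribute list later in this file) is assumed to fit; that bound is stated nowhere. The buffer is also `static`, so the pointer returned is overwritten by the next expansion at the same call site and the macro is not reentrant — the same pattern as the existing `BUILD_NETMSG` above, so one comment rather than a rewrite: `/* static scratch buffer: result valid only until the next call; exp2msg must stay within sizeof(__net) */`. Identifiers beginning with a double underscore (`__net`, `__hdr`) are reserved to the implementation in C, though the file already uses this naming.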
struct mcast_sock_multi;
enum {
@@ -239,4 +254,25 @@ struct nta_attr_natseqadj {
void ct2msg(const struct nf_conntrack *ct, struct nethdr *n);
int msg2ct(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
+enum nta_exp_attr {
+ NTA_EXP_MASTER_IPV4 = 0, /* struct nfct_attr_grp_ipv4 */
+ NTA_EXP_MASTER_IPV6, /* struct nfct_attr_grp_ipv6 */
+ NTA_EXP_MASTER_L4PROTO, /* uint8_t */
+ NTA_EXP_MASTER_PORT, /* struct nfct_attr_grp_port */
+ NTA_EXP_EXPECT_IPV4 = 4, /* struct nfct_attr_grp_ipv4 */
+ NTA_EXP_EXPECT_IPV6, /* struct nfct_attr_grp_ipv6 */
+ NTA_EXP_EXPECT_L4PROTO, /* uint8_t */
+ NTA_EXP_EXPECT_PORT, /* struct nfct_attr_grp_port */
+ NTA_EXP_MASK_IPV4 = 8, /* struct nfct_attr_grp_ipv4 */
+ NTA_EXP_MASK_IPV6, /* struct nfct_attr_grp_ipv6 */
+ NTA_EXP_MASK_L4PROTO, /* uint8_t */
+ NTA_EXP_MASK_PORT, /* struct nfct_attr_grp_port */
+ NTA_EXP_TIMEOUT, /* uint32_t */
+ NTA_EXP_FLAGS, /* uint32_t */
+ NTA_EXP_MAX
+};
+
+void exp2msg(const struct nf_expect *exp, struct nethdr *n);
+int msg2exp(struct nf_expect *exp, struct nethdr *n, size_t remain);
+
#endif
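Review bot: `msg2exp` decodes attributes received from the sync channel, so this header should state the parsing contract callers rely on: that an attribute type at or above `NTA_EXP_MAX`, or a length that does not match the type's expected size or exceeds `remain`, makes it return -1 without touching `exp`. Whether the implementation performs those checks is not visible in this diff — confirm before relying on the comment. The explicit numbering of `enum nta_exp_attr` (0, 4, 8) suggests these are on-wire identifiers; add `/* on-wire attribute ids for CONNTRACKD_PROTOCOL_VERSION 1: append only, never renumber */` above the enum so a later reorder cannot break peers during a rolling upgrade.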