| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
This patch is a cleanup. It renames the mcast_track_*() functions
by nethdr_track_*() because this functions are related to message
sequence tracking. They are not stick to multicast at all.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch reworks conntrackd to make it independent of the protocol
used to propagate state-changes. This patch adds the channel layer
abstraction, this layer allows you to add support for different
protocols like unicast UDP or TIPC.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch removes debug() and debug_ct(), I haven't use the
debugging information that these functions provide in years.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch adds support for redundant dedicated links. You can add
a pool of dedicated links that can be used if the current active
fails.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
The network headers already contain the message type set. It is not
necessary to set it up again.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch adds the status field to the cache object. This avoids
the (ab)use of the alarm to check if an entry is active or dead.
This is the first step to possibly move the alarm to the cache_extra
memory space of the ftfw (which is the only use by now).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds networks statistics that you can check via
`conntrackd -s network'. This information is useful for
trouble-shooting.
This patch replaces several log messages that can be triggered in
runtime. The idea behind this patch is to avoid log message flooding
under errors.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
This patch reduces the size of alive messages by removing the
"from" and "to" fields which are not of any help. This patch also
removes the IS_CTL() macro since it does not return true for
the control messages anymore but only for IS_ACK(), IS_NACK() and
IS_RESYNC().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch adds more strict checking in the message type. We add a
new message type NET_T_CTL for control messages.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch simplifies the message format of the replication
messages. As a result, we save four bytes. The netpld header
was introduced in the early protocol design. Today, it does
not have any reason to exist.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch removes __do_send() and replace it with the mcast_send()
call. The debugging information that provides is not useful anymore
with the tcpdump plugin.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch simplifies mcast_buffered_send_netmsg() by removing the
length parameter. Instead, we use the length field in the nethdr
to know the message size to be sent.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch removes the unused function mcast_send_netmsg().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
This patch changes the prototype of mcast_buffered_init() to receive
as argument the MTU size instead of the multicast configuration. This
decouples the initialization of the tx buffer from the multicast
configuration. This patch is needed by the multi-dedicated link
support.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the version field (8-bits long) to the nethdr
structure. This fields can be used to indicate the protocol version
in case that we detect an incompatibility between two conntrackd
daemons working with different protocol versions.
Unfortunately, this patch breaks backward compatibility, ie.
conntrackd <= 0.9.8 protocol is not compatible with the upcoming
conntrackd >= 0.9.9. Better do this now than later.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch removes a part of the code that can be used to
simulate message loss in the replication. This was useful to test the
FT-FW code. However, this code is not useful anymore as long as we
have netem: tc qdisc add dev eth0 root netem loss 0.1%
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| | |
|
| | |
|
| |
|
|
| |
only which is incompatible AFAIK
|
| |
|
|
| |
has been Max Kellermann and has no issues with relicensing their contributions.
|
| |
|
|
| |
use size_t
|
| |
|
|
| |
Simplify logging infrastructure
|
| |
|
|
| |
import only required C headers and put local headers on top to check
|
| |
|
|
| |
use C99 integers (uint32_t instead of u_int32_t)
|
| |
|
|
| |
Fix tons of gcc warnings
|
| |
|
|
| |
add missing function prototypes
|
| |
|
|
| |
fix shadow warnings by renaming variables or making them local
|
| |
|
|
|
|
| |
o minor irrelevant fixes for uncommon error paths and fix several typos
o use LOG_INFO for connection logging, use LOG_NOTICE for other information
o minor error handling updates
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- use buffer of MTU size
conntrack:
- better protocol argument checkings
- fix per-protocol filtering, eg. conntrack -[L|E] -p tcp now works
- show per-protocol help, ie. conntrack -h -p tcp
- add alias --src for --orig-src and alias --dst for --orig-dst
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- add len field to nethdr
- implement buffered send/recv to batch messages
- stop using netlink format for network messages: use similar TLV-based format
- reduce synchronization messages size up to 60%
- introduce periodic alive messages for sync-nack protocol
- timeslice alarm implementation: remove alarm pthread, remove locking
- simplify debugging functions: use nfct_snprintf instead
- remove major use of libnfnetlink functions: use libnetfilter_conntrack API
- deprecate conntrackd -F, use conntrack -F instead
- major rework of the network infrastructure: much simple, less messy
|
| |
|
|
|
|
| |
- remove several debug calls
- create a child to dispatch dump requests: this will help to simplify the
current locking schema. Later.
|
| |
|
|
| |
- several cleanups
|
| |
|
|
|
|
|
|
| |
o remove reminiscents of delay destroy message and relax transitions
o remove confusing StripNAT parameter: NAT support enabled by default
o relax event tracking: *_update callbacks use cache_update_force
o use wraparound-aware functions after/before/between
o lots of cleanups
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
- flush nack queue in the conntrackd -f path
- do not increase add_fail counter for EEXIST errors
- cleanup sync-nack code
- improve mcast_recv_netmsg: sanity check before checksumming!
|
|
|
chain
|
