Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | ftfw: reset window and flush the resend queue during helloing | Pablo Neira Ayuso | 2008-09-25 | 1 | -1/+21 |
| | | | | | | | | | | | | | This fixes two bugs when a hello message is received: * We can create malformed nack messages during the helloing. We have to reset the acknowlegdment window, otherwise we may create malformed nack messages. * We have to empty the resend list/queue when a hello message is received, otherwise the entries get stuck to the resend queue once the sequence number wraps around. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | ftfw: fix race condition in the helloing routine | Pablo Neira Ayuso | 2008-09-25 | 1 | -14/+30 |
| | | | | | | | | | | | | | | | | | | | | This patch fixes a race condition that can prevent one node from sending the initial hello message required to reset the sequence tracking. node A node B | | start | | hello msg |----------------------->| stop | | start | | |<-----------------------| hello-back msg In the picture above, the node A never sends the hello messages. Thus, the node B drops the next messages as they are in the before boundary. This patch adds a new state to the the helloing state-machine to fix this problem. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | ftfw: fix race that triggers a double insertion into tx_list | Pablo Neira Ayuso | 2008-09-25 | 1 | -2/+9 |
| | | | | | | | | This patch fixes a race condition that can trigger a double insertion to the tx_list. This happens if we receive two resync request very close or resync just after a nack or vice-versa. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | fix: remove node from tx_list when the state-entry is destroy | Pablo Neira Ayuso | 2008-09-21 | 1 | -6/+9 |
| | | | | | | | | | This patches fixes a race that triggers a read-after-free access to the tx_list. The state-entry is destroyed but it is still in the list. The fix removes the state-entry from the tx_list in the destroy path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | cleanup: remove some debug messages from sync-ftfw.c | Pablo Neira Ayuso | 2008-09-17 | 1 | -31/+8 |
| | | | | | | | Remove useless debug messages, now we have a pluging for tcpdump to debug the FT-FW protocol. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | ftfw: check for malformed ack and nack messages | Pablo Neira Ayuso | 2008-09-16 | 1 | -0/+8 |
| | | | | | | | This patch checks that the [from, to] interval of ack and nack messages is OK. In other words, we check that: to >= from Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | rework the HELLO logic inside FT-FW | Pablo Neira Ayuso | 2008-05-26 | 1 | -6/+44 |
| | |||||
* | add eventfd emulation to communicate receiver -> sender | Pablo Neira Ayuso | 2008-05-25 | 1 | -0/+5 |
| | |||||
* | Fix reorder possible reordering of destroy messages under message omission. ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-29 | 1 | -6/+7 |
| | | | | This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table. | ||||
* | rework of the FT-FW approach | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-26 | 1 | -52/+185 |
| | |||||
* | revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | | | | only which is incompatible AFAIK | ||||
* | relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | | | | has been Max Kellermann and has no issues with relicensing their contributions. | ||||
* | implement a rb-tree based alarm framework | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-29 | 1 | -2/+2 |
| | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 1 | -2/+2 |
| | | | | use size_t | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-20 | 1 | -1/+0 |
| | | | | remove init_alarm() before add_alarm() | ||||
* | Based on patch from Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-20 | 1 | -4/+2 |
| | | | | merge mod_alarm() into add_alarm(), remove alarm_set_expiration() | ||||
* | yet another rework of the alarm scheduler | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-18 | 1 | -2/+0 |
| | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-18 | 1 | -4/+4 |
| | | | | Simplify logging infrastructure | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -4/+3 |
| | | | | import only required C headers and put local headers on top to check | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -2/+2 |
| | | | | use C99 integers (uint32_t instead of u_int32_t) | ||||
* | fix missing bracket | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+1 |
| | |||||
* | more list_empty() use instead of directly check the header | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -5/+2 |
| | |||||
* | use list_del_init() and list_empty() to check if a node is in the list | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -8/+7 |
| | |||||
* | minor constification fixes | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -5/+5 |
| | | | | update libnfnetlink dependencies | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -4/+5 |
| | | | | Fix tons of gcc warnings | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -4/+2 |
| | | | | set the return type of the parse functions to "void" | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -2/+2 |
| | | | | use const when possible | ||||
* | Max Kellermann <max@duempel.org> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -12/+7 |
| | | | | Use list_for_each_entry() instead of list_for_each() | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+1 |
| | | | | | | the global variable "alarm" conflicts with the alarm() function from unistd.h. resolve that conflict by giving those two global variables a better name. | ||||
* | improve alarm framework based on suggestions from Max Duempel | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-14 | 1 | -2/+2 |
| | |||||
* | wake up the daemon iff there are real events to handle instead of polling ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-09 | 1 | -29/+31 |
| | | | | (Based on comments from Max Kellerman) | ||||
* | rename class `buffer' to `queue' which is what it really implements | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -20/+20 |
| | |||||
* | o Use more appropriate names for the existing synchronization modes: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 1 | -0/+366 |
o rename `persistent' mode to `alarm' o rename `nack' mode to `ftfw' o Now default synchronization mode is ftfw instead of alarm |