From 3e6852f806c4368eda451b39f12b2ac2f2b5d33b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 19 Aug 2009 16:59:38 +0200
Subject: conntrackd: add `DisableExternalCache' clause

This patch adds the clause `DisableExternalCache' that allows you to disable the external cache and to directly inject the entries into the kernel conntrack table. As a result, the CPU consumption of conntrackd increases. This clause can only be used with the FT-FW and the notrack synchronization modes, but not with the alarm mode.

Signed-off-by: Pablo Neira Ayuso
---
 include/Makefile.am | 2 +-
 include/conntrackd.h | 5 ++++-
 include/external.h | 24 ++++++++++++++++++++++++
 include/origin.h | 1 +
 4 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 include/external.h
(limited to 'include')
diff --git a/include/Makefile.am b/include/Makefile.am
index b72fb36..0fa76af 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -4,5 +4,5 @@ noinst_HEADERS = alarm.h jhash.h cache.h linux_list.h linux_rbtree.h \
 debug.h log.h hash.h mcast.h conntrack.h \
 network.h filter.h queue.h vector.h cidr.h \
 traffic_stats.h netlink.h fds.h event.h bitops.h channel.h \
- process.h origin.h
+ process.h origin.h external.h
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 907ce33..ce8f9d4 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -95,6 +95,9 @@ struct ct_conf {
 int poll_kernel_secs;
 int filter_from_kernelspace;
 int event_iterations_limit;
+ struct {
+ int external_cache_disable;
+ } sync;
 struct {
 int events_reliable;
 } netlink;
@@ -172,7 +175,7 @@ struct ct_general_state {
 struct ct_sync_state {
 struct cache *internal; /* internal events cache (netlink) */
- struct cache *external; /* external events cache (mcast) */
+ struct external_handler *external;
 struct multichannel *channel;
 struct nlif_handle *interface;
diff --git a/include/external.h b/include/external.h
new file mode 100644
index 0000000..938941a
--- /dev/null
+++ b/include/external.h
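Review bot: In include/conntrackd.h, the new `sync.external_cache_disable` member of `struct ct_conf` carries no comment, and the name alone does not tell a reader that setting it makes conntrackd write state received from the peer straight into the kernel conntrack table, as the commit message describes. I would document it in place, e.g. `int external_cache_disable; /* DisableExternalCache: inject peer entries directly into the kernel table */`. The commit message also restricts the clause to the FT-FW and notrack modes; the check that rejects it in alarm mode is not visible in these header hunks, so it is worth confirming that the config parser enforces it. `struct ct_conf` starts and ends outside the hunk.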
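Review bot: The rewritten `external` member of `struct ct_sync_state` in include/conntrackd.h loses the trailing comment that `internal` on the line above still has, so the two fields are no longer documented alike. Something like `struct external_handler *external; /* external_cache or external_inject */` would keep the pair readable. The hunk does not show conntrackd.h including external.h; a pointer to an incomplete struct compiles, but any caller that invokes the handler's callbacks will need that header. The struct's body continues outside the hunk.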
@@ -0,0 +1,24 @@
+#ifndef _EXTERNAL_H_
+#define _EXTERNAL_H_
+
+struct nf_conntrack;
+
+struct external_handler {
+ int (*init)(void);
+ void (*close)(void);
+
+ void (*new)(struct nf_conntrack *ct);
+ void (*update)(struct nf_conntrack *ct);
+ void (*destroy)(struct nf_conntrack *ct);
+
+ void (*dump)(int fd, int type);
+ void (*flush)(void);
+ void (*commit)(struct nfct_handle *h, int fd);
+ void (*stats)(int fd);
+ void (*stats_ext)(int fd);
+};
+
+extern struct external_handler external_cache;
+extern struct external_handler external_inject;
+
+#endif
diff --git a/include/origin.h b/include/origin.h
index 89308f3..1b974e9 100644
--- a/include/origin.h
+++ b/include/origin.h
@@ -6,6 +6,7 @@ enum {
 any process, but not conntrackd */
 CTD_ORIGIN_COMMIT, /* event comes from committer */
 CTD_ORIGIN_FLUSH, /* event comes from flush */
+ CTD_ORIGIN_INJECT, /* event comes from direct inject */
 };
 int origin_register(struct nfct_handle *h, int origin_type);
--
cgit v1.2.3
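Review bot: In the new include/external.h, the `commit` callback takes a `struct nfct_handle *`, but the header only forward-declares `struct nf_conntrack`, so it is not self-contained: if it is included before the libnetfilter_conntrack declarations are visible, the struct tag gets prototype scope and the compiler warns about a type declared inside a parameter list. Adding `struct nfct_handle;` next to `struct nf_conntrack;` fixes that. Separately, `new`, `update` and `destroy` return `void`, so a handler that writes to the kernel table has no way to report a failed injection to its caller; if that matters for `external_inject` (its implementation is not shown here), an `int` return would be worth considering. A one-line comment above `external_cache` and `external_inject` stating which one `DisableExternalCache` selects would also help the next reader.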