From 77f9f09e5c2bf76d4b50850848e6db9f239f49c7 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Fri, 13 Nov 2015 11:59:35 +0100 Subject: conntrackd: add systemd support This patch adds basic systemd support. The feature can be enabled/disabled at configure time: ./configure --disable-systemd Also, at runtime in conntrackd.conf General { Systemd on|off } (by default it's enabled both at runtime and at configure time) * tell systemd about conntrackd readiness: When conntrackd starts, it will send systemd the data "READY=1". At the point the data is sent, conntrackd is fully ready to work (configuration was OK, sockets OK, et all), so other actions depending on conntrackd can be safely chained in the machine boot process. * tell systemd about conntrackd shutting down: If the admin kills conntrackd with `conntrackd -k', the data "STOPPING=1" will be send to systemd so it learns about the daemon shutting down. Same for manual signals. * watchdog support: The admin can configure systemd to watch the conntrackd daemon and perform some actions if conntrackd dies: restart it, reboot the machine, etc... Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso
---
 include/Makefile.am | 2 +-
 include/conntrackd.h | 1 +
 include/systemd.h | 18 ++++++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 include/systemd.h
(limited to 'include')
diff --git a/include/Makefile.am b/include/Makefile.am
index 6bd0f7f..e81463a 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -6,5 +6,5 @@ noinst_HEADERS = alarm.h jhash.h cache.h linux_list.h linux_rbtree.h \
 network.h filter.h queue.h vector.h cidr.h \
 traffic_stats.h netlink.h fds.h event.h bitops.h channel.h \
 process.h origin.h internal.h external.h date.h nfct.h \
- helper.h myct.h stack.h
+ helper.h myct.h stack.h systemd.h
diff --git a/include/conntrackd.h b/include/conntrackd.h
index d338fc4..f8b11a7 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -109,6 +109,7 @@ struct ct_conf {
 int poll_kernel_secs;
 int filter_from_kernelspace;
 int event_iterations_limit;
+ int systemd;
 struct {
 int error_queue_length;
 } channelc;
diff --git a/include/systemd.h b/include/systemd.h
new file mode 100644
index 0000000..d05d2f3
--- /dev/null
+++ b/include/systemd.h
@@ -0,0 +1,18 @@
+#ifndef _INCLUDE_SYSTEMD_H_
+#define _INCLUDE_SYSTEMD_H_
+
+#include
+
+#ifdef BUILD_SYSTEMD
+void sd_ct_watchdog_init(void);
+void sd_ct_init(void);
+void sd_ct_mainpid(pid_t pid);
+void sd_ct_stop(void);
+#else /* BUILD_SYSTEMD */
+static inline void sd_ct_watchdog_init(void) {};
+static inline void sd_ct_init(void) {};
+static inline void sd_ct_mainpid(pid_t pid) {};
+static inline void sd_ct_stop(void) {};
+#endif /* BUILD_SYSTEMD */
+
+#endif /* _INCLUDE_SYSTEMD_H_ */
-- cgit v1.2.3
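Review bot: The four no-op stubs in the `#else` branch of include/systemd.h end in `{};`, and that trailing semicolon is an empty file-scope declaration which ISO C does not allow and `-Wpedantic` reports in every file that includes the header; write them as `static inline void sd_ct_stop(void) {}`. The guard `_INCLUDE_SYSTEMD_H_` begins with an underscore followed by a capital letter, which is an identifier reserved for the implementation, so a project-prefixed name without the leading underscore would be safer. The declarations also carry no comments: a one-line comment on each saying what it reports to systemd (readiness, stopping and the watchdog, going by the commit message), plus one on the stubs noting that they silently do nothing in a `--disable-systemd` build even when the config says `Systemd on`, would save callers from reading the implementation.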