From 39398cd3c1e488e099ea186ad1e5b725c2f09d1d Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 9 Mar 2017 16:29:21 +0100
Subject: conntrackd: CommitTimeout breaks DisableExternalCache set On

This patch introduces a new evaluate() function that can be used to spot
inconsistent configurations.

Don't allow CommitTimeout with DisableExternalCache On since this
results in EINVAL errors. CommitTimeout makes no sense with no external
cache.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/main.c | 11 +++++++++++
 src/run.c  | 13 +++++++++++++
 2 files changed, 24 insertions(+)

(limited to 'src')

diff --git a/src/main.c b/src/main.c
index febeaa9..1a57cf8 100644
--- a/src/main.c
+++ b/src/main.c
@@ -381,6 +381,17 @@ int main(int argc, char *argv[])
 		}
 	}
 
+	/*
+	 * Evaluate configuration
+	 */
+	if (evaluate() == -1) {
+		dlog(LOG_ERR, "conntrackd cannot start, please review your "
+		     "configuration");
+		close_log();
+		unlink(CONFIG(lockfile));
+		exit(EXIT_FAILURE);
+	}
+
 	/*
 	 * initialization process
 	 */
diff --git a/src/run.c b/src/run.c
index b71369b..1fe6cba 100644
--- a/src/run.c
+++ b/src/run.c
@@ -221,6 +221,19 @@ static void local_cb(void *data)
 	do_local_server_step(&STATE(local), NULL, local_handler);
 }
 
+int evaluate(void)
+{
+	if (CONFIG(sync).external_cache_disable &&
+	    CONFIG(commit_timeout)) {
+		dlog(LOG_WARNING, "`CommitTimeout' can't be combined with "
+		     "`DisableExternalCache', ignoring this option. "
+		     "Fix your configuration file.");
+		CONFIG(commit_timeout) = 0;
+	}
+
+	return 0;
+}
+
 int
 init(void)
 {
-- 
cgit v1.2.3