summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2009-01-25 17:51:18 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2009-01-25 17:51:18 +0100
commit8d689ebb67c511f5c03acdfc2226156d5f87c319 (patch)
treec07a21e06e1b58b5ebc4cb11f28e96102064b251
parente6732c96ffd9baaaa84dab763ff6e600bf6abc95 (diff)
cache: mangle timeout inside nl_*_conntrack() functions
This patch moves the timeout mangling inside nl_*_conntrack(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/netlink.h4
-rw-r--r--src/cache_iterators.c12
-rw-r--r--src/cache_wt.c6
-rw-r--r--src/netlink.c14
4 files changed, 19 insertions, 17 deletions
diff --git a/include/netlink.h b/include/netlink.h
index d8a4fef..9d67165 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -17,8 +17,8 @@ void nl_resize_socket_buffer(struct nfct_handle *h);
int nl_dump_conntrack_table(struct nfct_handle *h);
int nl_flush_conntrack_table(struct nfct_handle *h);
int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct);
-int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct);
-int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct);
+int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct, int timeout);
+int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct, int timeout);
int nl_destroy_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct);
static inline int ct_is_related(const struct nf_conntrack *ct)
diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index 379deed..9b54ea1 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -105,14 +105,8 @@ __do_commit_step(struct __commit_container *tmp, struct cache_object *obj)
int ret, retry = 1;
struct nf_conntrack *ct = obj->ct;
- /*
- * Set a reduced timeout for candidate-to-be-committed
- * conntracks that live in the external cache
- */
- nfct_set_attr_u32(ct, ATTR_TIMEOUT, CONFIG(commit_timeout));
-
retry:
- if (nl_create_conntrack(tmp->h, ct) == -1) {
+ if (nl_create_conntrack(tmp->h, ct, CONFIG(commit_timeout)) == -1) {
if (errno == EEXIST && retry == 1) {
ret = nl_destroy_conntrack(tmp->h, ct);
if (ret == 0 || (ret == -1 && errno == ENOENT)) {
@@ -223,9 +217,7 @@ static int do_reset_timers(void *data1, struct hashtable_node *n)
if (current_timeout < CONFIG(purge_timeout))
break;
- nfct_set_attr_u32(tmp, ATTR_TIMEOUT, CONFIG(purge_timeout));
-
- if (nl_update_conntrack(h, tmp) == -1) {
+ if (nl_update_conntrack(h, tmp, CONFIG(purge_timeout)) == -1) {
if (errno == ETIME || errno == ENOENT)
break;
dlog(LOG_ERR, "reset-timers-upd: %s", strerror(errno));
diff --git a/src/cache_wt.c b/src/cache_wt.c
index 4b67e8e..6f9ccc7 100644
--- a/src/cache_wt.c
+++ b/src/cache_wt.c
@@ -38,14 +38,14 @@ static void add_wt(struct cache_object *obj)
break;
case 0:
memcpy(ct, obj->ct, nfct_maxsize());
- if (nl_create_conntrack(STATE(dump), ct) == -1) {
+ if (nl_create_conntrack(STATE(dump), ct, 0) == -1) {
dlog(LOG_ERR, "cache_wt create: %s", strerror(errno));
dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
}
break;
case 1:
memcpy(ct, obj->ct, nfct_maxsize());
- if (nl_update_conntrack(STATE(dump), ct) == -1) {
+ if (nl_update_conntrack(STATE(dump), ct, 0) == -1) {
dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno));
dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
}
@@ -60,7 +60,7 @@ static void upd_wt(struct cache_object *obj)
memcpy(ct, obj->ct, nfct_maxsize());
- if (nl_update_conntrack(STATE(dump), ct) == -1) {
+ if (nl_update_conntrack(STATE(dump), ct, 0) == -1) {
dlog(LOG_ERR, "cache_wt update:%s", strerror(errno));
dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
}
diff --git a/src/netlink.c b/src/netlink.c
index e538aa0..24d61a0 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -197,7 +197,9 @@ int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct)
return 1;
}
-int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
+int nl_create_conntrack(struct nfct_handle *h,
+ const struct nf_conntrack *orig,
+ int timeout)
{
int ret;
struct nf_conntrack *ct;
@@ -206,6 +208,9 @@ int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
if (ct == NULL)
return -1;
+ if (timeout > 0)
+ nfct_set_attr_u32(ct, ATTR_TIMEOUT, timeout);
+
/* we hit error if we try to change the expected bit */
if (nfct_attr_is_set(ct, ATTR_STATUS)) {
uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS);
@@ -233,7 +238,9 @@ int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
return ret;
}
-int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
+int nl_update_conntrack(struct nfct_handle *h,
+ const struct nf_conntrack *orig,
+ int timeout)
{
int ret;
struct nf_conntrack *ct;
@@ -242,6 +249,9 @@ int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
if (ct == NULL)
return -1;
+ if (timeout > 0)
+ nfct_set_attr_u32(ct, ATTR_TIMEOUT, timeout);
+
/* unset NAT info, otherwise we hit error */
nfct_attr_unset(ct, ATTR_SNAT_IPV4);
nfct_attr_unset(ct, ATTR_DNAT_IPV4);