authorPablo Neira Ayuso <pablo@netfilter.org>2009-05-23 20:58:55 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2009-05-23 20:58:55 +0200
commit95c587ae01373ded13d696b155c7f277030a03d3 (patch)
tree072c8c7ebfe75096c979525c1c5ad8e68920ef75
parent6f5666a29cb7cbff08ce926ee1edb84a311ff6ee (diff)
conntrackd: remove the cache write-through policy
This patch removes the cache write-through clause. This feature remained undocumented although some have found it by looking at the source code. This feature has remained in the tree for quite some time although it has several limitations. Moreover, it is specifically broken and dangerous for Linux kernels >= 2.6.29 since it generates loops in the synchronization. We do this removal first to prepare the introduction of a feature to bypass the external cache. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/cache.h4
-rw-r--r--include/conntrackd.h1
-rw-r--r--src/Makefile.am2
-rw-r--r--src/cache.c1
-rw-r--r--src/cache_wt.c79
-rw-r--r--src/read_config_yy.y6
-rw-r--r--src/sync-mode.c4
7 files changed, 5 insertions, 92 deletions
diff --git a/include/cache.h b/include/cache.h
index b6facdc..5df7aa9 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -12,9 +12,6 @@ enum {
TIMER_FEATURE = 0,
TIMER = (1 << TIMER_FEATURE),
- WRITE_THROUGH_FEATURE = 1,
- WRITE_THROUGH = (1 << WRITE_THROUGH_FEATURE),
-
__CACHE_MAX_FEATURE
};
#define CACHE_MAX_FEATURE __CACHE_MAX_FEATURE
@@ -48,7 +45,6 @@ struct cache_feature {
extern struct cache_feature lifetime_feature;
extern struct cache_feature timer_feature;
-extern struct cache_feature writethrough_feature;
#define CACHE_MAX_NAMELEN 32
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 81cfd51..5a9e385 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -91,7 +91,6 @@ struct ct_conf {
unsigned int resend_queue_size; /* FTFW protocol */
unsigned int window_size;
int poll_kernel_secs;
- int cache_write_through;
int filter_from_kernelspace;
int event_iterations_limit;
struct {
diff --git a/src/Makefile.am b/src/Makefile.am
index c338fee..1c8b34f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -14,7 +14,7 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \
local.c log.c mcast.c udp.c netlink.c vector.c \
filter.c fds.c event.c process.c origin.c \
cache.c cache_iterators.c \
- cache_timer.c cache_wt.c \
+ cache_timer.c \
sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \
traffic_stats.c stats-mode.c \
network.c cidr.c \
diff --git a/src/cache.c b/src/cache.c
index 318b8ec..e4a024b 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -95,7 +95,6 @@ static int compare(const void *data1, const void *data2)
struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = {
[TIMER_FEATURE] = &timer_feature,
- [WRITE_THROUGH_FEATURE] = &writethrough_feature,
};
struct cache *cache_create(const char *name,
diff --git a/src/cache_wt.c b/src/cache_wt.c
deleted file mode 100644
index 34fe82e..0000000
--- a/src/cache_wt.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * (C) 2007 by Pablo Neira Ayuso <pablo@netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "conntrackd.h"
-#include "cache.h"
-#include "netlink.h"
-#include "log.h"
-
-#include <string.h>
-#include <errno.h>
-
-static void add_wt(struct cache_object *obj)
-{
- int ret;
-
- ret = nl_get_conntrack(STATE(request), obj->ct);
- switch (ret) {
- case -1:
- dlog(LOG_ERR, "cache_wt problem: %s", strerror(errno));
- dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
- break;
- case 0:
- if (nl_create_conntrack(STATE(dump), obj->ct, 0) == -1) {
- dlog(LOG_ERR, "cache_wt create: %s", strerror(errno));
- dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
- }
- break;
- case 1:
- if (nl_update_conntrack(STATE(dump), obj->ct, 0) == -1) {
- dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno));
- dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
- }
- break;
- }
-}
-
-static void upd_wt(struct cache_object *obj)
-{
- if (nl_update_conntrack(STATE(dump), obj->ct, 0) == -1) {
- dlog(LOG_ERR, "cache_wt update:%s", strerror(errno));
- dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
- }
-}
-
-static void writethrough_add(struct cache_object *obj, void *data)
-{
- add_wt(obj);
-}
-
-static void writethrough_update(struct cache_object *obj, void *data)
-{
- upd_wt(obj);
-}
-
-static void writethrough_destroy(struct cache_object *obj, void *data)
-{
- nl_destroy_conntrack(STATE(dump), obj->ct);
-}
-
-struct cache_feature writethrough_feature = {
- .add = writethrough_add,
- .update = writethrough_update,
- .destroy = writethrough_destroy,
-};
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 56fd2f8..cab7799 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -842,12 +842,14 @@ tcp_state: T_LISTEN
cache_writethrough: T_WRITE_THROUGH T_ON
{
- conf.cache_write_through = 1;
+ print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, "
+ "ignoring");
};
cache_writethrough: T_WRITE_THROUGH T_OFF
{
- conf.cache_write_through = 0;
+ print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, "
+ "ignoring");
};
general: T_GENERAL '{' general_list '}';
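Review bot: The `T_WRITE_THROUGH T_ON` rule now prints the same "obsolete, ignoring" warning as the `T_OFF` rule, although only the `On` case changes what a deployed daemon does. A configuration that relied on write-through will still start at warning level and, as far as this page shows, the external cache is then no longer committed to the kernel. A more explicit message in the `T_ON` action would let operators spot that in the log, for example `print_err(CTD_CFG_WARN, "CacheWriteThrough On is no longer supported, states are not written through to the kernel");`. A short comment above both rules, such as `/* obsolete clause, still accepted so existing configuration files parse */`, would also record why the token stays in the grammar.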
diff --git a/src/sync-mode.c b/src/sync-mode.c
index a0ba830..699a585 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -274,10 +274,6 @@ static int init_sync(void)
return -1;
}
- /* straight forward commit of conntrack to kernel space */
- if (CONFIG(cache_write_through))
- STATE_SYNC(sync)->external_cache_flags |= WRITE_THROUGH;
-
STATE_SYNC(external) =
cache_create("external",
STATE_SYNC(sync)->external_cache_flags,