authorPablo Neira Ayuso <pablo@netfilter.org>2017-03-09 16:29:21 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-03-10 10:41:24 +0100
commit39398cd3c1e488e099ea186ad1e5b725c2f09d1d (patch)
treeba7e81bea85879e08e0f3c940107a97a5624773c
parent8ea394ea9b07eee7069af9082214d1cf48d55e30 (diff)
conntrackd: CommitTimeout breaks DisableExternalCache set On
This patch introduces a new evaluate() function that can be used to spot inconsistent configurations. Don't allow CommitTimeout with DisableExternalCache On since this results in EINVAL errors. CommitTimeout makes no sense with no external cache. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/conntrackd.h1
-rw-r--r--src/main.c11
-rw-r--r--src/run.c13
3 files changed, 25 insertions, 0 deletions
diff --git a/include/conntrackd.h b/include/conntrackd.h
index f995f4b..27e43db 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -300,6 +300,7 @@ extern struct ct_mode stats_mode;
/* These live in run.c */
void killer(int foo);
+int evaluate(void);
int init(void);
void select_main_loop(void);
diff --git a/src/main.c b/src/main.c
index febeaa9..1a57cf8 100644
--- a/src/main.c
+++ b/src/main.c
@@ -382,6 +382,17 @@ int main(int argc, char *argv[])
}
/*
+ * Evaluate configuration
+ */
+ if (evaluate() == -1) {
+ dlog(LOG_ERR, "conntrackd cannot start, please review your "
+ "configuration");
+ close_log();
+ unlink(CONFIG(lockfile));
+ exit(EXIT_FAILURE);
+ }
+
+ /*
* initialization process
*/
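Review bot: The `if (evaluate() == -1)` branch added ahead of the initialization comment cannot fire yet, because evaluate() as added in the src/run.c hunk of this commit returns 0 on every path, including the one that detects the CommitTimeout / DisableExternalCache conflict. The commit message says the combination is not allowed, while the code downgrades it to a warning and keeps starting, so the intended policy should be made explicit. Either evaluate() should `return -1;` on that conflict, or the comment here should say the branch is reserved for future fatal checks, for example `/* Evaluate configuration; -1 means a fatal inconsistency */`. main() starts and ends outside the hunk, so whether the other exit paths also unlink the lockfile cannot be confirmed from here.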
diff --git a/src/run.c b/src/run.c
index b71369b..1fe6cba 100644
--- a/src/run.c
+++ b/src/run.c
@@ -221,6 +221,19 @@ static void local_cb(void *data)
do_local_server_step(&STATE(local), NULL, local_handler);
}
+int evaluate(void)
+{
+ if (CONFIG(sync).external_cache_disable &&
+ CONFIG(commit_timeout)) {
+ dlog(LOG_WARNING, "`CommitTimeout' can't be combined with "
+ "`DisableExternalCache', ignoring this option. "
+ "Fix your configuration file.");
+ CONFIG(commit_timeout) = 0;
+ }
+
+ return 0;
+}
+
int
init(void)
{
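Review bot: The warning in evaluate() says "ignoring this option" right after naming two options, so someone reading the log cannot tell which setting was dropped. The code clears `CONFIG(commit_timeout)`, so the text should name it, for example by replacing "ignoring this option" with `ignoring CommitTimeout`. The function also has no comment, although it both checks and rewrites the running configuration, which the name evaluate does not suggest. A short header such as `/* Check the parsed configuration for inconsistent options; may reset conflicting values. Returns 0 on success, -1 on a fatal inconsistency. */` would document the contract main() relies on.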