summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAyuso/emailAddress=pablo@netfilter.org <Ayuso/emailAddress=pablo@netfilter.org>2007-12-21 18:35:10 +0000
committerYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>2007-12-23 03:14:53 +0900
commitfb17dccd91ba9448c2adaca2dcf0f9d665e1e8a4 (patch)
tree21fadc55e2bda77809b9bd55da8c8634c4c7ddfc
parent735a6fc681809beb52c160b09507aa0999fbc6ba (diff)
o add support for related conntracks (requires Linux kernel >= 2.6.22)
o update leftover references to `persistent' and `nack' modes
-rw-r--r--ChangeLog1
-rw-r--r--INSTALL8
-rw-r--r--TODO8
-rw-r--r--src/build.c14
-rw-r--r--src/parse.c6
-rw-r--r--src/read_config_yy.y20
6 files changed, 39 insertions, 18 deletions
diff --git a/ChangeLog b/ChangeLog
index e893439..2a3a112 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@ o Use more appropriate names for the existing synchronization modes:
o rename `nack' mode to `ftfw'
o Now default synchronization mode is ftfw instead of alarm
o rename `examples' directory to `doc'
+o add support for related conntracks (requires Linux kernel >= 2.6.22)
version 0.9.5 (2007/07/29)
------------------------------
diff --git a/INSTALL b/INSTALL
index f619c1e..cfb642e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -115,9 +115,9 @@ Copyright (C) 2005-2007 Pablo Neira Ayuso <pablo netfilter org>
# cp examples/sync/_type_/node1/conntrackd.conf /etc/conntrackd.conf
Where _type_ is the synchronization type selected, currently there are
- two: the persistent mode and the NACK mode. The persistent mode consumes
- more resources than the NACK mode but resolves synchronization issues
- better. On the other the NACK mode reduces resource consumption. I'll
+ two: the alarm mode and the FTFW mode. The alarm mode consumes
+ more resources than the FTFW mode but resolves synchronization issues
+ better. On the other the FTFW mode reduces resource consumption. I'll
provide more information on both approaches soon.
Do not forget to edit the files in order to adapt them to the
@@ -171,7 +171,7 @@ Copyright (C) 2005-2007 Pablo Neira Ayuso <pablo netfilter org>
Therefore, on failure event, the candidate node takes over the virtual
IPs and the connections that the failing active was processing. Observe
- that this file differs for the NACK mode.
+ that this file differs for the FTFW mode.
6) Disable TCP window tracking
diff --git a/TODO b/TODO
index 7f5b949..61f7e69 100644
--- a/TODO
+++ b/TODO
@@ -3,12 +3,12 @@ by dificulty levels:
= Relatively easy =
[ ] improve shell scripts for keepalived/heartbeat: *really* important
- [ ] NACK as default protocol
- [ ] rename persistent to alarm
+ [X] NACK as default protocol
+ [X] rename persistent to alarm, rename nack to ftfw
[X] manpage for conntrackd(8)
[ ] add scripts to use the floating priority feature in keepalived to avoid
premature take over.
- [ ] ignorepool with unlimited size and ignore networks
+ [X] ignorepool with unlimited size and ignore networks
[ ] selective conntracks removal
[ ] debian/rpm packages
[ ] improve website
@@ -18,7 +18,7 @@ by dificulty levels:
= Requires some work =
[ ] study better keepalived transitions
[ ] test/fix ipv6 support
- [ ] add support setup related conntracks
+ [X] add support setup related conntracks
[ ] NAT sequence adjustment support
= Open issues that won't be ever resolved =
diff --git a/src/build.c b/src/build.c
index 109b26e..5fdc83f 100644
--- a/src/build.c
+++ b/src/build.c
@@ -102,6 +102,20 @@ void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query)
if (nfct_attr_is_set(ct, ATTR_STATUS))
__build_u32(ct, pld, ATTR_STATUS);
+ /* setup the master conntrack */
+ if (nfct_attr_is_set(ct, ATTR_MASTER_IPV4_SRC))
+ __build_u32(ct, pld, ATTR_MASTER_IPV4_SRC);
+ if (nfct_attr_is_set(ct, ATTR_MASTER_IPV4_DST))
+ __build_u32(ct, pld, ATTR_MASTER_IPV4_DST);
+ if (nfct_attr_is_set(ct, ATTR_MASTER_L3PROTO))
+ __build_u8(ct, pld, ATTR_MASTER_L3PROTO);
+ if (nfct_attr_is_set(ct, ATTR_MASTER_PORT_SRC))
+ __build_u16(ct, pld, ATTR_MASTER_PORT_SRC);
+ if (nfct_attr_is_set(ct, ATTR_MASTER_PORT_DST))
+ __build_u16(ct, pld, ATTR_MASTER_PORT_DST);
+ if (nfct_attr_is_set(ct, ATTR_MASTER_L4PROTO))
+ __build_u8(ct, pld, ATTR_MASTER_L4PROTO);
+
/* NAT */
if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
u_int32_t data = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
diff --git a/src/parse.c b/src/parse.c
index 8816e7a..0650995 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -56,6 +56,12 @@ parse h[ATTR_MAX] = {
[ATTR_MARK] = parse_u32,
[ATTR_STATUS] = parse_u32,
[ATTR_SECMARK] = parse_u32,
+ [ATTR_MASTER_IPV4_SRC] = parse_u32,
+ [ATTR_MASTER_IPV4_DST] = parse_u32,
+ [ATTR_MASTER_L3PROTO] = parse_u8,
+ [ATTR_MASTER_PORT_SRC] = parse_u16,
+ [ATTR_MASTER_PORT_DST] = parse_u16,
+ [ATTR_MASTER_L4PROTO] = parse_u8
};
void parse_netpld(struct nf_conntrack *ct, struct netpld *pld, int *query)
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 795aae9..6201923 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -362,37 +362,37 @@ sync_line: refreshtime
| multicast_line
| relax_transitions
| delay_destroy_msgs
- | sync_mode_persistent
- | sync_mode_nack
+ | sync_mode_alarm
+ | sync_mode_ftfw
| listen_to
| state_replication
| cache_writethrough
;
-sync_mode_persistent: T_SYNC_MODE T_ALARM '{' sync_mode_persistent_list '}'
+sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}'
{
conf.flags |= SYNC_MODE_ALARM;
};
-sync_mode_nack: T_SYNC_MODE T_FTFW '{' sync_mode_nack_list '}'
+sync_mode_ftfw: T_SYNC_MODE T_FTFW '{' sync_mode_ftfw_list '}'
{
conf.flags |= SYNC_MODE_FTFW;
};
-sync_mode_persistent_list:
- | sync_mode_persistent_list sync_mode_persistent_line;
+sync_mode_alarm_list:
+ | sync_mode_alarm_list sync_mode_alarm_line;
-sync_mode_persistent_line: refreshtime
+sync_mode_alarm_line: refreshtime
| expiretime
| timeout
| relax_transitions
| delay_destroy_msgs
;
-sync_mode_nack_list:
- | sync_mode_nack_list sync_mode_nack_line;
+sync_mode_ftfw_list:
+ | sync_mode_ftfw_list sync_mode_ftfw_line;
-sync_mode_nack_line: resend_buffer_size
+sync_mode_ftfw_line: resend_buffer_size
| timeout
| window_size
;