conntrackd: add `DisableExternalCache' clause

This patch adds the clause `DisableExternalCache' that allows you to disable the external cache and to directly inject the entries into the kernel conntrack table. As a result, the CPU consumption of conntrackd increases. This clause can only be used with the FT-FW and the notrack synchronization modes, but not with the alarm mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2009-08-19 16:59:38 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2009-08-19 16:59:38 +0200
commit: 3e6852f806c4368eda451b39f12b2ac2f2b5d33b (patch)
tree: c4783baf3dec6aa3460e33426414e1da28a62b69 /include/external.h
parent: 32ca6a144903b2e6318ee61d1dda3f670d3c09da (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/include/external.h b/include/external.h
new file mode 100644
index 0000000..938941a
--- /dev/null
+++ b/include/external.h
@@ -0,0 +1,24 @@
+#ifndef _EXTERNAL_H_
+#define _EXTERNAL_H_
+
+struct nf_conntrack;
+
+struct external_handler {
+	int	(*init)(void);
+	void	(*close)(void);
+
+	void	(*new)(struct nf_conntrack *ct);
+	void	(*update)(struct nf_conntrack *ct);
+	void	(*destroy)(struct nf_conntrack *ct);
+
+	void	(*dump)(int fd, int type);
+	void	(*flush)(void);
+	void	(*commit)(struct nfct_handle *h, int fd);
+	void	(*stats)(int fd);
+	void	(*stats_ext)(int fd);
+};
+
+extern struct external_handler external_cache;
+extern struct external_handler external_inject;
+
+#endif
author	Pablo Neira Ayuso <pablo@netfilter.org>	2009-08-19 16:59:38 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2009-08-19 16:59:38 +0200
commit	3e6852f806c4368eda451b39f12b2ac2f2b5d33b (patch)
tree	c4783baf3dec6aa3460e33426414e1da28a62b69 /include/external.h
parent	32ca6a144903b2e6318ee61d1dda3f670d3c09da (diff)