Add CacheWriteThrough clause: external cache write through policy. This feature is particularly useful for active-active setup without connection persistency, ie. you cannot know which firewall would filter a packet that belongs to a connection.

1 files changed, 1 insertions, 20 deletions

diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index 24506e4..c29100c 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -78,36 +78,17 @@ void cache_dump(struct cache *c, int fd, int type)
 static int do_commit(void *data1, void *data2)
 {
 	int ret;
-	u_int8_t flags;
 	struct cache *c = data1;
 	struct us_conntrack *u = data2;
 	struct nf_conntrack *ct = u->ct;
 
-	/* XXX: related connections */
-	if (nfct_attr_is_set(ct, ATTR_STATUS)) {
-		u_int32_t status = nfct_get_attr_u32(ct, ATTR_STATUS);
-		status &= ~IPS_EXPECTED;
-		nfct_set_attr_u32(ct, ATTR_STATUS, status);
-	}
-
-	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
-
         /* 
 	 * Set a reduced timeout for candidate-to-be-committed
 	 * conntracks that live in the external cache
 	 */
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, CONFIG(commit_timeout));
 
-	/*
-	 * TCP flags to overpass window tracking for recovered connections
-	 */
-	flags = IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM;
-	nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
-	nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
-	nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
-	nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
-
-	ret = nfct_query(STATE(dump), NFCT_Q_CREATE_UPDATE, ct);
+	ret = nl_create_conntrack(ct);
 	if (ret == -1) {
 		switch(errno) {
 			case EEXIST: