| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reworks the TLV-based protocol to reduce the overhead
in the message building. The idea is to group some attributes
that must be present in a consistent configuration. Putting them
together help us to save some cycles in the message building.
Now, oprofile reports ~15% of samples in the build path instead
of ~25%. CPU consumption for 3000 HTTP GET requests per second
(1000 concurrent with apache benchmark tool) is ~45% in my
testbed, that is ~19% more consumption than with no replication
at all.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the version field (8-bits long) to the nethdr
structure. This fields can be used to indicate the protocol version
in case that we detect an incompatibility between two conntrackd
daemons working with different protocol versions.
Unfortunately, this patch breaks backward compatibility, ie.
conntrackd <= 0.9.8 protocol is not compatible with the upcoming
conntrackd >= 0.9.9. Better do this now than later.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a race condition that can prevent one node from sending
the initial hello message required to reset the sequence tracking.
node A node B
| |
start | |
hello msg |----------------------->|
stop | |
start | |
|<-----------------------| hello-back msg
In the picture above, the node A never sends the hello messages. Thus,
the node B drops the next messages as they are in the before boundary.
This patch adds a new state to the the helloing state-machine to fix
this problem.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
o remove .svn directory from make distcheck tarballs (reported by B.Benjamini)
+
Krzysztof Oledzki <ole@ans.pl>:
o fix minor compilation warning
|
|
|
|
| |
use size_t
|
|
|
|
| |
remove unused prototype in network.h
|
|
|
|
| |
import only required C headers and put local headers on top to check
|
|
|
|
| |
use C99 integers (uint32_t instead of u_int32_t)
|
|
|
|
| |
Fix tons of gcc warnings
|
|
|
|
| |
add missing function prototypes
|
|
|
|
| |
use the comma operator instead of curly braces
|
|
|
|
|
|
|
|
|
| |
- use buffer of MTU size
conntrack:
- better protocol argument checkings
- fix per-protocol filtering, eg. conntrack -[L|E] -p tcp now works
- show per-protocol help, ie. conntrack -h -p tcp
- add alias --src for --orig-src and alias --dst for --orig-dst
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add len field to nethdr
- implement buffered send/recv to batch messages
- stop using netlink format for network messages: use similar TLV-based format
- reduce synchronization messages size up to 60%
- introduce periodic alive messages for sync-nack protocol
- timeslice alarm implementation: remove alarm pthread, remove locking
- simplify debugging functions: use nfct_snprintf instead
- remove major use of libnfnetlink functions: use libnetfilter_conntrack API
- deprecate conntrackd -F, use conntrack -F instead
- major rework of the network infrastructure: much simple, less messy
|
|
|
|
|
|
| |
- remove several debug calls
- create a child to dispatch dump requests: this will help to simplify the
current locking schema. Later.
|
|
|
|
| |
- several cleanups
|
|
|
|
|
|
|
|
| |
o remove reminiscents of delay destroy message and relax transitions
o remove confusing StripNAT parameter: NAT support enabled by default
o relax event tracking: *_update callbacks use cache_update_force
o use wraparound-aware functions after/before/between
o lots of cleanups
|
| |
|
|
chain
|