| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This patch removes debug() and debug_ct(), I haven't use the
debugging information that these functions provide in years.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the caching system is implemented in a two layer
architecture: hashtable (inner layer) and cache (upper layer).
This patch reworks the hash-cache infrastructure to solve some
initial design problems to make it more flexible, the main strong
points of this patch are:
* Memory handling is done in the cache layer, not in the inner
hashtable layer. This removes one of the main dependencies between
the hashtable and the cache classes.
* Remove excessive encapsulation: the former cache used to hide a
lot of details of the inner hashtable implementation.
* Fix over-hashing of some operations: lookup-delete-add required
three hash calculations. Similarly, the update-or-add operation
required two hash calculations. Now, we calculate the hash once
and re-use the value how many times as we need.
This patch simplifies the caching system. As a result, we save ~130
lines of code. Small code means and less complexity means less
chance to have bugs.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Fix wrong output in the dump of the expire timer which was negative.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
only which is incompatible AFAIK
|
|
|
|
| |
has been Max Kellermann and has no issues with relicensing their contributions.
|
| |
|
|
|
|
| |
introduce alarm_pending()
|
|
|
|
| |
merge mod_alarm() into add_alarm(), remove alarm_set_expiration()
|
|
|
|
| |
import only required C headers and put local headers on top to check
|
|
|
|
| |
Fix tons of gcc warnings
|
|
|
|
| |
set the return type of the parse functions to "void"
|
|
|
|
| |
fix wrong invocations after prototype cleanup
|
| |
|
|
|
|
| |
(Based on comments from Max Kellerman)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add len field to nethdr
- implement buffered send/recv to batch messages
- stop using netlink format for network messages: use similar TLV-based format
- reduce synchronization messages size up to 60%
- introduce periodic alive messages for sync-nack protocol
- timeslice alarm implementation: remove alarm pthread, remove locking
- simplify debugging functions: use nfct_snprintf instead
- remove major use of libnfnetlink functions: use libnetfilter_conntrack API
- deprecate conntrackd -F, use conntrack -F instead
- major rework of the network infrastructure: much simple, less messy
|
|
chain
|