summaryrefslogtreecommitdiffstats
path: root/src/sync-ftfw.c
Commit message (Collapse)AuthorAgeFilesLines
* ftfw: reset window and flush the resend queue during helloingPablo Neira Ayuso2008-09-251-1/+21
| | | | | | | | | | | | | This fixes two bugs when a hello message is received: * We can create malformed nack messages during the helloing. We have to reset the acknowlegdment window, otherwise we may create malformed nack messages. * We have to empty the resend list/queue when a hello message is received, otherwise the entries get stuck to the resend queue once the sequence number wraps around. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ftfw: fix race condition in the helloing routinePablo Neira Ayuso2008-09-251-14/+30
| | | | | | | | | | | | | | | | | | | | This patch fixes a race condition that can prevent one node from sending the initial hello message required to reset the sequence tracking. node A node B | | start | | hello msg |----------------------->| stop | | start | | |<-----------------------| hello-back msg In the picture above, the node A never sends the hello messages. Thus, the node B drops the next messages as they are in the before boundary. This patch adds a new state to the the helloing state-machine to fix this problem. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ftfw: fix race that triggers a double insertion into tx_listPablo Neira Ayuso2008-09-251-2/+9
| | | | | | | | This patch fixes a race condition that can trigger a double insertion to the tx_list. This happens if we receive two resync request very close or resync just after a nack or vice-versa. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* fix: remove node from tx_list when the state-entry is destroyPablo Neira Ayuso2008-09-211-6/+9
| | | | | | | | | This patches fixes a race that triggers a read-after-free access to the tx_list. The state-entry is destroyed but it is still in the list. The fix removes the state-entry from the tx_list in the destroy path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: remove some debug messages from sync-ftfw.cPablo Neira Ayuso2008-09-171-31/+8
| | | | | | | Remove useless debug messages, now we have a pluging for tcpdump to debug the FT-FW protocol. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ftfw: check for malformed ack and nack messagesPablo Neira Ayuso2008-09-161-0/+8
| | | | | | | This patch checks that the [from, to] interval of ack and nack messages is OK. In other words, we check that: to >= from Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rework the HELLO logic inside FT-FWPablo Neira Ayuso2008-05-261-6/+44
|
* add eventfd emulation to communicate receiver -> senderPablo Neira Ayuso2008-05-251-0/+5
|
* Fix reorder possible reordering of destroy messages under message omission. ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-291-6/+7
| | | | This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.
* rework of the FT-FW approach/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-261-52/+185
|
* revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-081-1/+1
| | | | only which is incompatible AFAIK
* relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-081-1/+1
| | | | has been Max Kellermann and has no issues with relicensing their contributions.
* implement a rb-tree based alarm framework/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-291-2/+2
|
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-231-2/+2
| | | | use size_t
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-201-1/+0
| | | | remove init_alarm() before add_alarm()
* Based on patch from Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-201-4/+2
| | | | merge mod_alarm() into add_alarm(), remove alarm_set_expiration()
* yet another rework of the alarm scheduler/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-181-2/+0
|
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-181-4/+4
| | | | Simplify logging infrastructure
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-171-4/+3
| | | | import only required C headers and put local headers on top to check
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-171-2/+2
| | | | use C99 integers (uint32_t instead of u_int32_t)
* fix missing bracket/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-1/+1
|
* more list_empty() use instead of directly check the header/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-5/+2
|
* use list_del_init() and list_empty() to check if a node is in the list/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-8/+7
|
* minor constification fixes/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-5/+5
| | | | update libnfnetlink dependencies
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-4/+5
| | | | Fix tons of gcc warnings
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-4/+2
| | | | set the return type of the parse functions to "void"
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-2/+2
| | | | use const when possible
* Max Kellermann <max@duempel.org>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-12/+7
| | | | Use list_for_each_entry() instead of list_for_each()
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-1/+1
| | | | | | the global variable "alarm" conflicts with the alarm() function from unistd.h. resolve that conflict by giving those two global variables a better name.
* improve alarm framework based on suggestions from Max Duempel/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-141-2/+2
|
* wake up the daemon iff there are real events to handle instead of polling ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-091-29/+31
| | | | (Based on comments from Max Kellerman)
* rename class `buffer' to `queue' which is what it really implements/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-051-20/+20
|
* o Use more appropriate names for the existing synchronization modes:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-211-0/+366
o rename `persistent' mode to `alarm' o rename `nack' mode to `ftfw' o Now default synchronization mode is ftfw instead of alarm