From 95c587ae01373ded13d696b155c7f277030a03d3 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 23 May 2009 20:58:55 +0200 Subject: conntrackd: remove the cache write-through policy This patch removes the cache write-through clause. This feature remained undocumented although some has found it looking at the source code. This feature has remained in the tree for quite some time although it has several limitations. Moreover, it is specifically broken and dangerous for Linux kernels >= 2.6.29 since it generates loops in the synchronization. We do this removal first to prepare the introduction of a feature to bypass the external cache. Signed-off-by: Pablo Neira Ayuso --- include/cache.h | 4 --- include/conntrackd.h | 1 - src/Makefile.am | 2 +- src/cache.c | 1 - src/cache_wt.c | 79 ---------------------------------------------------- src/read_config_yy.y | 6 ++-- src/sync-mode.c | 4 --- 7 files changed, 5 insertions(+), 92 deletions(-) delete mode 100644 src/cache_wt.c diff --git a/include/cache.h b/include/cache.h index b6facdc..5df7aa9 100644 --- a/include/cache.h +++ b/include/cache.h @@ -12,9 +12,6 @@ enum { TIMER_FEATURE = 0, TIMER = (1 << TIMER_FEATURE), - WRITE_THROUGH_FEATURE = 1, - WRITE_THROUGH = (1 << WRITE_THROUGH_FEATURE), - __CACHE_MAX_FEATURE }; #define CACHE_MAX_FEATURE __CACHE_MAX_FEATURE @@ -48,7 +45,6 @@ struct cache_feature { extern struct cache_feature lifetime_feature; extern struct cache_feature timer_feature; -extern struct cache_feature writethrough_feature; #define CACHE_MAX_NAMELEN 32 diff --git a/include/conntrackd.h b/include/conntrackd.h index 81cfd51..5a9e385 100644 --- a/include/conntrackd.h +++ b/include/conntrackd.h @@ -91,7 +91,6 @@ struct ct_conf { unsigned int resend_queue_size; /* FTFW protocol */ unsigned int window_size; int poll_kernel_secs; - int cache_write_through; int filter_from_kernelspace; int event_iterations_limit; struct { diff --git a/src/Makefile.am b/src/Makefile.am index c338fee..1c8b34f 100644 
--- a/src/Makefile.am +++ b/src/Makefile.am @@ -14,7 +14,7 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \ local.c log.c mcast.c udp.c netlink.c vector.c \ filter.c fds.c event.c process.c origin.c \ cache.c cache_iterators.c \ - cache_timer.c cache_wt.c \ + cache_timer.c \ sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \ traffic_stats.c stats-mode.c \ network.c cidr.c \ diff --git a/src/cache.c b/src/cache.c index 318b8ec..e4a024b 100644 --- a/src/cache.c +++ b/src/cache.c @@ -95,7 +95,6 @@ static int compare(const void *data1, const void *data2) struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = { [TIMER_FEATURE] = &timer_feature, - [WRITE_THROUGH_FEATURE] = &writethrough_feature, }; struct cache *cache_create(const char *name, diff --git a/src/cache_wt.c b/src/cache_wt.c deleted file mode 100644 index 34fe82e..0000000 --- a/src/cache_wt.c +++ /dev/null 
@@ -1,79 +0,0 @@ -/* - * (C) 2007 by Pablo Neira Ayuso - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "conntrackd.h" -#include "cache.h" -#include "netlink.h" -#include "log.h" - -#include -#include - -static void add_wt(struct cache_object *obj) -{ - int ret; - - ret = nl_get_conntrack(STATE(request), obj->ct); - switch (ret) { - case -1: - dlog(LOG_ERR, "cache_wt problem: %s", strerror(errno)); - dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN); - break; - case 0: - if (nl_create_conntrack(STATE(dump), obj->ct, 0) == -1) { - dlog(LOG_ERR, "cache_wt create: %s", strerror(errno)); - dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN); - } - break; - case 1: - if (nl_update_conntrack(STATE(dump), obj->ct, 0) == -1) { - dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno)); - dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN); - } - break; - } -} - -static void upd_wt(struct cache_object *obj) -{ - if (nl_update_conntrack(STATE(dump), obj->ct, 0) == -1) { - dlog(LOG_ERR, "cache_wt update:%s", strerror(errno)); - dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN); - } -} - -static void writethrough_add(struct cache_object *obj, void *data) -{ - add_wt(obj); -} - -static void writethrough_update(struct cache_object *obj, void *data) -{ - upd_wt(obj); -} - -static void writethrough_destroy(struct cache_object *obj, void *data) -{ 
- nl_destroy_conntrack(STATE(dump), obj->ct); -} - -struct cache_feature writethrough_feature = { - .add = writethrough_add, - .update = writethrough_update, - .destroy = writethrough_destroy, -}; diff --git a/src/read_config_yy.y b/src/read_config_yy.y index 56fd2f8..cab7799 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -842,12 +842,14 @@ tcp_state: T_LISTEN cache_writethrough: T_WRITE_THROUGH T_ON { - conf.cache_write_through = 1; + print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, " + "ignoring"); }; cache_writethrough: T_WRITE_THROUGH T_OFF { - conf.cache_write_through = 0; + print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, " + "ignoring"); }; general: T_GENERAL '{' general_list '}'; diff --git a/src/sync-mode.c b/src/sync-mode.c index a0ba830..699a585 100644 --- a/src/sync-mode.c +++ b/src/sync-mode.c @@ -274,10 +274,6 @@ static int init_sync(void) return -1; } - /* straight forward commit of conntrack to kernel space */ - if (CONFIG(cache_write_through)) - STATE_SYNC(sync)->external_cache_flags |= WRITE_THROUGH; - STATE_SYNC(external) = cache_create("external", STATE_SYNC(sync)->external_cache_flags, -- cgit v1.2.3
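Review bot: In the read_config_yy.y hunk both `cache_writethrough` alternatives now run the same warning action, and the message only says "ignoring", so an operator who had `CacheWriteThrough On` is not told that its former effect (committing each conntrack straight to the kernel, per the comment deleted from init_sync() in sync-mode.c) is gone for good. I would make the text explicit, e.g. `print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete and has no effect, ignoring");`, and emit it from one place by routing T_ON and T_OFF through a shared nonterminal instead of duplicating the string literal in two actions. Keeping the T_WRITE_THROUGH token (the lexer is not part of this patch) so that existing configurations still parse appears to be the intent, and is worth a one-line comment above the rule, such as `/* kept only so old configs still parse; write-through was removed */`.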