From 3c5e35974c65f4470e6543c2cc772c0f1824dc44 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Sun, 25 Nov 2007 18:08:02 +0000
Subject: Add CacheWriteThrough clause: external cache write through policy. This feature is particularly useful for active-active setup without connection persistency, ie. you cannot know which firewall would filter a packet that belongs to a connection.
---
 src/cache_iterators.c | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)
(limited to 'src/cache_iterators.c')
diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index 24506e4..c29100c 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -78,36 +78,17 @@ void cache_dump(struct cache *c, int fd, int type)
 static int do_commit(void *data1, void *data2)
 {
 int ret;
- u_int8_t flags;
 struct cache *c = data1;
 struct us_conntrack *u = data2;
 struct nf_conntrack *ct = u->ct;
 
- /* XXX: related connections */
- if (nfct_attr_is_set(ct, ATTR_STATUS)) {
- u_int32_t status = nfct_get_attr_u32(ct, ATTR_STATUS);
- status &= ~IPS_EXPECTED;
- nfct_set_attr_u32(ct, ATTR_STATUS, status);
- }
-
- nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
-
 /*
 * Set a reduced timeout for candidate-to-be-committed
 * conntracks that live in the external cache
 */
 nfct_set_attr_u32(ct, ATTR_TIMEOUT, CONFIG(commit_timeout));
 
- /*
- * TCP flags to overpass window tracking for recovered connections
- */
- flags = IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM;
- nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
-
- ret = nfct_query(STATE(dump), NFCT_Q_CREATE_UPDATE, ct);
+ ret = nl_create_conntrack(ct);
 if (ret == -1) {
 switch(errno) {
 case EEXIST:
-- 
cgit v1.2.3
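Review bot: The `switch(errno)` right after `ret = nl_create_conntrack(ct);` in do_commit now depends on the helper returning -1 with errno still holding the value from the failed netlink request, and this page (limited to src/cache_iterators.c) does not show the helper, so that contract should be confirmed and documented where it is defined. The removed lines cleared IPS_EXPECTED, set up the reply tuple and set IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM in both directions; presumably they moved into nl_create_conntrack, but nothing at the call site says so any more. Because the be-liberal flag turns off TCP window tracking for every entry committed from the external cache, I would keep that visible with a comment above the call, e.g. `/* nl_create_conntrack() clears IPS_EXPECTED, sets up the reply tuple and marks TCP be-liberal; it must return -1 with errno preserved */`. do_commit's body continues outside the hunk.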