On Tue, Sep 18, 2012 at 03:36:54PM -0700, Ansis Atteka wrote:
> On Tue, Sep 18, 2012 at 12:23 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > On Thu, Sep 13, 2012 at 12:37:18AM -0700, Ansis Atteka wrote:
> > [...]
> >> I know that this would be a massive change, so I might miss
> >> something in the proposal. Anyway feel free to correct me or ask for
> >> more details where necessary. Here is a list of necessary changes:
> >>
> >> 1. Quite a lot of refactoring in configuration parser.
> >>
> >> I would suggest to split ct_conf struct into three logical pieces (i.e. smaller
> >> structs):
> >> a. channel config (instance per remote conntrackd instance)
> >> b. conntrack-state config (instance per namespace)
> >> c. static/global config (single instance; Would contain path to log
> >> file, unix socket e.t.c.)
> >
> > I always wanted to clean up ct_conf. See patch attached, I didn't
> > commit it yet since I want to give it some test (Please, not need to
> > rebase the patch we're currently discussing upon it).
>
> I don't see any patches attached.
Sorry, here it is.
> >> This decoupling would allow much more easily to maintain relation
> >> between conntrack-states and channels (for example, when multiple
> >> namespaces are using the same channel).
> >
> > I'm not familiar with the channel definition you're using.
>
> By "channel" I meant channel & channel_ops structures.
>
> > link abstraction (ie. TCP / UDP / MCAST / TIPC ...).
>
> I guess we are actually talking about the same thing.
OK, so what new channel do you need to add. What communication
primitive will it use?
> >> Also, currently CONFIG(X) macro allows to reference only a single ct_conf
> >> instance. This will need to be changed so that each namespace has its own
> >> ct_conf_sync instance. And each channel has its own ct_conf_channel instance.
> >>
> >> Also, I am afraid that, for this to make more sense, I would have to extend
> >> conntrackd.conf syntax, For example,introduce following top-level sections:
> >> channel {}, sync {} and global {} respectively.
> >>
> >> 2. Allow to add, remove and list configuration dynamically without
> >> restarting conntrackd. This would require ability to start conntrackd
> >> with minimal global/static configuration. After that add namespaces and
> >> channel configuration by using Unix Domain socket.
> >>
> >> For example, instead of starting conntrackd with following command:
> >> conntrackd -C /etc/conntrackd/conntrackd.conf
> >>
> >> One would have to use something like this:
> >> conntrackd --global-config /etc/conntrackd/conntrackd_global.conf #
> >> This config file would just specify Unix socket, log file e.t.c.
> >> and then on-the-fly add channel and namespace configuration with:
> >> conntrackd -U /var/run/conntrackd.ctl --add
> >> /etc/conntrackd/conntrackd_namespace1.conf
> >> conntrackd -U /var/run/conntrackd.ctl --add
> >> /etc/conntrackd/conntrackd_channel1.conf
> >> conntrackd -U /var/run/conntrackd.ctl --add
> >> /etc/conntrackd/conntrackd_namespace2.conf
> >> conntrackd -U /var/run/conntrackd.ctl --add
> >> /etc/conntrackd/conntrackd_channel2.conf
> >>
> >> We could glue namespaces together with channels by using some IDs.
> >>
> >> Another question is, whether over the Unix domain socket we would prefer to
> >> transfer binary (already parsed) or textual (yet unparsed) configuration?
> >>
> >> Also, I would need to figure out if/how to maintain backward compatibility with
> >> already existing commands, when there are multiple namespaces (e.g. dump
> >> internal cache, commit external cache ...).
> >>
> >> 3. Wire protocol format improvements, so that namespace ID would be encapsulated
> >> into the protocol too. This is required, when same channel is being
> >> used by multiple namespaces.
> >
> > This only requires adding one new TLV attribute to identify this. So
> > we don't need to bloat the header with one field that is not use.
>
> Here is how I am currently doing that:
>
> struct nethdr {
> #if __BYTE_ORDER == __LITTLE_ENDIAN
> uint8_t type:4,
> version:4;
> #elif __BYTE_ORDER == __BIG_ENDIAN
> uint8_t version:4,
> type:4;
> #else
> #error "Unknown system endianess!"
> #endif
> uint8_t flags;
> uint16_t len;
> uint32_t seq;
> uint32_t nsid; < -present only if nethdr.flag &
> };
> nsid is the namespace id. This field would be present only
> if nethdr.flags & NET_F_NAMESPACE != 0.
That adds an always zero field for the non-namespace case in the
protocol fixed header. TLVs can be used for optional fields.
> Could you please elaborate more on your suggested approach? If I
> understand it correctly, then you want to add the namespace id
> inside the data section that follows immediately after the nethdr
> structure as TLV variable?
Yes.
See enum nta_attr and add NTA_NAMESPACE and NTA_EXP_NAMESPACE. Then
implement that attribute in src/build.c and src/parse.c.
You can change msg2ct_alloc and msg2exp_alloc to return the netns
value:
struct nf_conntrack *msg2ct_alloc(struct nethdr *net, int remain, int *ns);
> Also, if I understand correctly, then after nethdr conntrackd
> simply transfers nf_conntrack struct (or the contents of cache
> object). I have had imagined that we should have cache table
> per namespace, so storing namespace id inside nf_conntrackd
> would become redundant.
You don't need to store in the struct nf_conntrack, you can slightly
generalize the parse function to:
static void
ns_parse_u32(void *data, int attr, void *data)
{
int *ns = data;
*ns = ntohl(*ns);
}
No need to always take struct nf_conntrack as first parameter. Then
msg2ct returns the namespace.
> What is your take on this?
>
> >
> >> 4. Similarly as CONFIG(x) was broken down into 3 logical pieces, the
> >> same thing would
> >> need to be done for STATE(x) macros.
> >
> > This seems to be a huge changeset what you're proposing.
> >
> > I need some convincing architecture example that describes how this
> > can be used before you submit such a big patch. I need to understand
> > it to know if there is a different way to make this.
Still waiting for the description of the big picture of the
architecture.
>From 6aa52c43f2babafa5ed842b5648e832e1544370d Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Thu, 13 Sep 2012 14:09:26 +0200
Subject: [PATCH] src: cleanup struct ct_conf
This patch reorganized the huge struct ct_conf and group
parameters by scope.
Some renaming were also done to use more descriptive names.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
include/conntrackd.h | 74 ++++-----
src/build.c | 5 +-
src/cache-ct.c | 14 +-
src/cache-exp.c | 10 +-
src/cache.c | 7 +-
src/cache_timer.c | 4 +-
src/channel.c | 2 +-
src/ctnl.c | 46 +++---
src/external_inject.c | 2 +-
src/internal_bypass.c | 4 +-
src/log.c | 20 +--
src/main.c | 18 ++-
src/netlink.c | 39 +++--
src/read_config_yy.y | 416 +++++++++++++++++++++++++------------------------
src/run.c | 18 +--
src/sync-alarm.c | 13 +-
src/sync-ftfw.c | 10 +-
src/sync-mode.c | 30 ++--
src/sync-notrack.c | 2 +-
19 files changed, 367 insertions(+), 367 deletions(-)
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 19e613c..b4b4c51 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -85,51 +85,51 @@ union inet_address {
#define CONFIG(x) conf.x
struct ct_conf {
- char logfile[FILENAME_MAXLEN];
- int syslog_facility;
- char lockfile[FILENAME_MAXLEN];
- int hashsize; /* hashtable size */
- int channel_num;
- int channel_default;
- int channel_type_global;
- struct channel_conf channel[MULTICHANNEL_MAX];
- struct local_conf local; /* unix socket facilities */
- int nice;
- int limit;
- int refresh;
- int cache_timeout; /* cache entries timeout */
- int commit_timeout; /* committed entries timeout */
- unsigned int purge_timeout; /* purge kernel entries timeout */
- unsigned int netlink_buffer_size;
- unsigned int netlink_buffer_size_max_grown;
- int nl_overrun_resync;
- unsigned int flags;
- int family; /* protocol family */
- unsigned int resend_queue_size; /* FTFW protocol */
- unsigned int window_size;
- int poll_kernel_secs;
- int filter_from_kernelspace;
- int event_iterations_limit;
struct {
- int error_queue_length;
- } channelc;
+ unsigned int flags;
+ int family; /* protocol family */
+ char logfile[FILENAME_MAXLEN];
+ int syslog_facility;
+ char lockfile[FILENAME_MAXLEN];
+ int nice;
+ int sched_type;
+ int sched_prio;
+ struct local_conf local; /* unix socket facilities */
+ } general;
struct {
- int internal_cache_disable;
- int external_cache_disable;
- int tcp_window_tracking;
- } sync;
+ int buckets; /* number of buckets */
+ int max_entries; /* maximum number of entries */
+ } hashtable;
+ struct {
+ int num;
+ int default_num;
+ int type;
+ struct channel_conf conf[MULTICHANNEL_MAX];
+ int error_queue_length;
+ } channel;
struct {
int subsys_id;
int groups;
int events_reliable;
- } netlink;
- struct {
+ int event_iterations_limit;
+ unsigned int buffer_size;
+ unsigned int buffer_size_max;
+ int overrun_resync;
int commit_steps;
- } general;
+ int poll_secs; /* poll from kernel every X secs */
+ unsigned int purge_timeout; /* purge kernel entries timeout */
+ int filter_from_kernel;
+ int commit_timeout; /* committed entries timeout */
+ } nl;
struct {
- int type;
- int prio;
- } sched;
+ int internal_cache_disable; /* is internal cache enabled? */
+ int external_cache_disable; /* is external cache enabled? */
+ int tcp_window_tracking; /* is TCP tracking enabled? */
+ int alarm_timeout; /* alarm protocol */
+ int alarm_refresh; /* alarm protocol */
+ unsigned int resend_queue_size; /* FTFW protocol */
+ unsigned int window_size; /* FTFW protocol */
+ } sync;
struct {
char logfile[FILENAME_MAXLEN];
int syslog_facility;
diff --git a/src/build.c b/src/build.c
index 7d4ef12..9c921c4 100644
--- a/src/build.c
+++ b/src/build.c
@@ -191,7 +191,7 @@ void ct2msg(const struct nf_conntrack *ct, struct nethdr *n)
if (l4proto_fcn[l4proto].build)
l4proto_fcn[l4proto].build(ct, n);
- if (!CONFIG(commit_timeout) && nfct_attr_is_set(ct, ATTR_TIMEOUT))
+ if (!CONFIG(nl).commit_timeout && nfct_attr_is_set(ct, ATTR_TIMEOUT))
ct_build_u32(ct, ATTR_TIMEOUT, n, NTA_TIMEOUT);
if (nfct_attr_is_set(ct, ATTR_MARK))
ct_build_u32(ct, ATTR_MARK, n, NTA_MARK);
@@ -335,7 +335,8 @@ void exp2msg(const struct nf_expect *exp, struct nethdr *n)
if (exp_l4proto_fcn[l4proto].build)
exp_l4proto_fcn[l4proto].build(ct, n, NTA_EXP_MASK_PORT);
- if (!CONFIG(commit_timeout) && nfexp_attr_is_set(exp, ATTR_EXP_TIMEOUT))
+ if (!CONFIG(nl).commit_timeout &&
+ nfexp_attr_is_set(exp, ATTR_EXP_TIMEOUT))
exp_build_u32(exp, ATTR_EXP_TIMEOUT, n, NTA_EXP_TIMEOUT);
exp_build_u32(exp, ATTR_EXP_FLAGS, n, NTA_EXP_FLAGS);
diff --git a/src/cache-ct.c b/src/cache-ct.c
index 0ad8d2a..0cf8f2b 100644
--- a/src/cache-ct.c
+++ b/src/cache-ct.c
@@ -132,7 +132,7 @@ static int cache_ct_dump_step(void *data1, void *n)
* specific and it breaks conntrackd modularity. Probably
* there's a nicer way to do this but until I come up with it...
*/
- if (CONFIG(flags) & CTD_SYNC_FTFW && obj->status == C_OBJ_DEAD)
+ if (CONFIG(general).flags & CTD_SYNC_FTFW && obj->status == C_OBJ_DEAD)
return 0;
/* do not show cached timeout, this may confuse users */
@@ -176,8 +176,8 @@ cache_ct_commit_step(struct __commit_container *tmp, struct cache_object *obj)
int ret, retry = 1, timeout;
struct nf_conntrack *ct = obj->ptr;
- if (CONFIG(commit_timeout)) {
- timeout = CONFIG(commit_timeout);
+ if (CONFIG(nl).commit_timeout) {
+ timeout = CONFIG(nl).commit_timeout;
} else {
timeout = time(NULL) - obj->lastupdate;
if (timeout < 0) {
@@ -263,9 +263,9 @@ static int cache_ct_commit(struct cache *c, struct nfct_handle *h, int clientfd)
STATE_SYNC(commit).current =
hashtable_iterate_limit(c->h, &tmp,
STATE_SYNC(commit).current,
- CONFIG(general).commit_steps,
+ CONFIG(nl).commit_steps,
cache_ct_commit_master);
- if (STATE_SYNC(commit).current < CONFIG(hashsize)) {
+ if (STATE_SYNC(commit).current < CONFIG(hashtable).buckets) {
STATE_SYNC(commit).state = COMMIT_STATE_MASTER;
/* give it another step as soon as possible */
write_evfd(STATE_SYNC(commit).evfd);
@@ -277,9 +277,9 @@ static int cache_ct_commit(struct cache *c, struct nfct_handle *h, int clientfd)
STATE_SYNC(commit).current =
hashtable_iterate_limit(c->h, &tmp,
STATE_SYNC(commit).current,
- CONFIG(general).commit_steps,
+ CONFIG(nl).commit_steps,
cache_ct_commit_related);
- if (STATE_SYNC(commit).current < CONFIG(hashsize)) {
+ if (STATE_SYNC(commit).current < CONFIG(hashtable).buckets) {
STATE_SYNC(commit).state = COMMIT_STATE_RELATED;
/* give it another step as soon as possible */
write_evfd(STATE_SYNC(commit).evfd);
diff --git a/src/cache-exp.c b/src/cache-exp.c
index e88877a..bbacf6d 100644
--- a/src/cache-exp.c
+++ b/src/cache-exp.c
@@ -132,7 +132,7 @@ static int cache_exp_dump_step(void *data1, void *n)
* specific and it breaks conntrackd modularity. Probably
* there's a nicer way to do this but until I come up with it...
*/
- if (CONFIG(flags) & CTD_SYNC_FTFW && obj->status == C_OBJ_DEAD)
+ if (CONFIG(general).flags & CTD_SYNC_FTFW && obj->status == C_OBJ_DEAD)
return 0;
/* do not show cached timeout, this may confuse users */
@@ -172,8 +172,8 @@ static int cache_exp_commit_step(void *data, void *n)
int ret, retry = 1, timeout;
struct nf_expect *exp = obj->ptr;
- if (CONFIG(commit_timeout)) {
- timeout = CONFIG(commit_timeout);
+ if (CONFIG(nl).commit_timeout) {
+ timeout = CONFIG(nl).commit_timeout;
} else {
timeout = time(NULL) - obj->lastupdate;
if (timeout < 0) {
@@ -240,9 +240,9 @@ cache_exp_commit(struct cache *c, struct nfct_handle *h, int clientfd)
STATE_SYNC(commit).current =
hashtable_iterate_limit(c->h, &tmp,
STATE_SYNC(commit).current,
- CONFIG(general).commit_steps,
+ CONFIG(nl).commit_steps,
cache_exp_commit_step);
- if (STATE_SYNC(commit).current < CONFIG(hashsize)) {
+ if (STATE_SYNC(commit).current < CONFIG(hashtable).buckets) {
STATE_SYNC(commit).state = COMMIT_STATE_MASTER;
/* give it another step as soon as possible */
write_evfd(STATE_SYNC(commit).evfd);
diff --git a/src/cache.c b/src/cache.c
index 7c41e54..38ff2fa 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -98,10 +98,9 @@ struct cache *cache_create(const char *name, enum cache_type type,
}
c->ops = ops;
- c->h = hashtable_create(CONFIG(hashsize),
- CONFIG(limit),
- c->ops->hash,
- c->ops->cmp);
+ c->h = hashtable_create(CONFIG(hashtable).buckets,
+ CONFIG(hashtable).max_entries,
+ c->ops->hash, c->ops->cmp);
if (!c->h) {
free(c->features);
free(c->feature_offset);
diff --git a/src/cache_timer.c b/src/cache_timer.c
index 5881236..6d66351 100644
--- a/src/cache_timer.c
+++ b/src/cache_timer.c
@@ -35,13 +35,13 @@ static void timer_add(struct cache_object *obj, void *data)
struct alarm_block *a = data;
init_alarm(a, obj, timeout);
- add_alarm(a, CONFIG(cache_timeout), 0);
+ add_alarm(a, CONFIG(sync).alarm_timeout, 0);
}
static void timer_update(struct cache_object *obj, void *data)
{
struct alarm_block *a = data;
- add_alarm(a, CONFIG(cache_timeout), 0);
+ add_alarm(a, CONFIG(sync).alarm_timeout, 0);
}
static void timer_destroy(struct cache_object *obj, void *data)
diff --git a/src/channel.c b/src/channel.c
index 8b7c319..ce674f0 100644
--- a/src/channel.c
+++ b/src/channel.c
@@ -33,7 +33,7 @@ int channel_init(void)
ops[CHANNEL_UDP] = &channel_udp;
ops[CHANNEL_TCP] = &channel_tcp;
- errorq = queue_create("errorq", CONFIG(channelc).error_queue_length, 0);
+ errorq = queue_create("errorq", CONFIG(channel).error_queue_length, 0);
if (errorq == NULL) {
return -1;
}
diff --git a/src/ctnl.c b/src/ctnl.c
index bb54727..e7a44d7 100644
--- a/src/ctnl.c
+++ b/src/ctnl.c
@@ -41,7 +41,7 @@
void ctnl_kill(void)
{
- if (!(CONFIG(flags) & CTD_POLL))
+ if (!(CONFIG(general).flags & CTD_POLL))
nfct_close(STATE(event));
nfct_close(STATE(resync));
@@ -85,7 +85,7 @@ static void local_resync_master(void)
static void local_exp_flush_master(void)
{
- if (!(CONFIG(flags) & CTD_EXPECT))
+ if (!(CONFIG(general).flags & CTD_EXPECT))
return;
STATE(stats).nl_kernel_table_flush++;
@@ -102,7 +102,7 @@ static void local_exp_flush_master(void)
static void local_exp_resync_master(void)
{
- if (!(CONFIG(flags) & CTD_EXPECT))
+ if (!(CONFIG(general).flags & CTD_EXPECT))
return;
if (STATE(mode)->internal->flags & INTERNAL_F_POPULATE) {
@@ -164,10 +164,10 @@ static void do_polling_alarm(struct alarm_block *a, void *data)
STATE(mode)->internal->exp.purge();
nl_send_resync(STATE(resync));
- if (CONFIG(flags) & CTD_EXPECT)
+ if (CONFIG(general).flags & CTD_EXPECT)
nl_send_expect_resync(STATE(resync));
- add_alarm(&STATE(polling_alarm), CONFIG(poll_kernel_secs), 0);
+ add_alarm(&STATE(polling_alarm), CONFIG(nl).poll_secs, 0);
}
static int event_handler(const struct nlmsghdr *nlh,
@@ -180,7 +180,7 @@ static int event_handler(const struct nlmsghdr *nlh,
STATE(stats).nl_events_received++;
/* skip user-space filtering if already do it in the kernel */
- if (ct_filter_conntrack(ct, !CONFIG(filter_from_kernelspace))) {
+ if (ct_filter_conntrack(ct, !CONFIG(nl).filter_from_kernel)) {
STATE(stats).nl_events_filtered++;
goto out;
}
@@ -329,7 +329,7 @@ static void event_cb(void *data)
ret = nfct_catch(STATE(event));
/* reset event iteration limit counter */
- STATE(event_iterations_limit) = CONFIG(event_iterations_limit);
+ STATE(event_iterations_limit) = CONFIG(nl).event_iterations_limit;
if (ret == -1) {
switch(errno) {
case ENOBUFS:
@@ -359,10 +359,10 @@ static void event_cb(void *data)
* we resync ourselves.
*/
nl_resize_socket_buffer(STATE(event));
- if (CONFIG(nl_overrun_resync) > 0 &&
+ if (CONFIG(nl).overrun_resync > 0 &&
STATE(mode)->internal->flags & INTERNAL_F_RESYNC) {
add_alarm(&STATE(resync_alarm),
- CONFIG(nl_overrun_resync),0);
+ CONFIG(nl).overrun_resync, 0);
}
STATE(stats).nl_catch_event_failed++;
STATE(stats).nl_overrun++;
@@ -399,14 +399,14 @@ static void poll_cb(void *data)
int ctnl_init(void)
{
- if (CONFIG(flags) & CTD_STATS_MODE)
+ if (CONFIG(general).flags & CTD_STATS_MODE)
STATE(mode) = &stats_mode;
- else if (CONFIG(flags) & CTD_SYNC_MODE)
+ else if (CONFIG(general).flags & CTD_SYNC_MODE)
STATE(mode) = &sync_mode;
else {
fprintf(stderr, "WARNING: No running mode specified. "
"Defaulting to statistics mode.\n");
- CONFIG(flags) |= CTD_STATS_MODE;
+ CONFIG(general).flags |= CTD_STATS_MODE;
STATE(mode) = &stats_mode;
}
@@ -417,7 +417,7 @@ int ctnl_init(void)
}
/* resynchronize (like 'dump' socket) but it also purges old entries */
- STATE(resync) = nfct_open(CONFIG(netlink).subsys_id, 0);
+ STATE(resync) = nfct_open(CONFIG(nl).subsys_id, 0);
if (STATE(resync)== NULL) {
dlog(LOG_ERR, "can't open netlink handler: %s",
strerror(errno));
@@ -428,7 +428,7 @@ int ctnl_init(void)
NFCT_T_ALL,
STATE(mode)->internal->ct.resync,
NULL);
- if (CONFIG(flags) & CTD_POLL) {
+ if (CONFIG(general).flags & CTD_POLL) {
register_fd(nfct_fd(STATE(resync)), poll_cb,
NULL, STATE(fds));
} else {
@@ -438,7 +438,7 @@ int ctnl_init(void)
fcntl(nfct_fd(STATE(resync)), F_SETFL, O_NONBLOCK);
if (STATE(mode)->internal->flags & INTERNAL_F_POPULATE) {
- STATE(dump) = nfct_open(CONFIG(netlink).subsys_id, 0);
+ STATE(dump) = nfct_open(CONFIG(nl).subsys_id, 0);
if (STATE(dump) == NULL) {
dlog(LOG_ERR, "can't open netlink handler: %s",
strerror(errno));
@@ -448,7 +448,7 @@ int ctnl_init(void)
nfct_callback_register(STATE(dump), NFCT_T_ALL,
dump_handler, NULL);
- if (CONFIG(flags) & CTD_EXPECT) {
+ if (CONFIG(general).flags & CTD_EXPECT) {
nfexp_callback_register(STATE(dump), NFCT_T_ALL,
exp_dump_handler, NULL);
}
@@ -458,7 +458,7 @@ int ctnl_init(void)
return -1;
}
- if (CONFIG(flags) & CTD_EXPECT) {
+ if (CONFIG(general).flags & CTD_EXPECT) {
if (nl_dump_expect_table(STATE(dump)) == -1) {
dlog(LOG_ERR, "can't get kernel "
"expect table");
@@ -467,7 +467,7 @@ int ctnl_init(void)
}
}
- STATE(get) = nfct_open(CONFIG(netlink).subsys_id, 0);
+ STATE(get) = nfct_open(CONFIG(nl).subsys_id, 0);
if (STATE(get) == NULL) {
dlog(LOG_ERR, "can't open netlink handler: %s",
strerror(errno));
@@ -476,12 +476,12 @@ int ctnl_init(void)
}
nfct_callback_register(STATE(get), NFCT_T_ALL, get_handler, NULL);
- if (CONFIG(flags) & CTD_EXPECT) {
+ if (CONFIG(general).flags & CTD_EXPECT) {
nfexp_callback_register(STATE(get), NFCT_T_ALL,
exp_get_handler, NULL);
}
- STATE(flush) = nfct_open(CONFIG(netlink).subsys_id, 0);
+ STATE(flush) = nfct_open(CONFIG(nl).subsys_id, 0);
if (STATE(flush) == NULL) {
dlog(LOG_ERR, "cannot open flusher handler");
return -1;
@@ -489,9 +489,9 @@ int ctnl_init(void)
/* register this handler as the origin of a flush operation */
origin_register(STATE(flush), CTD_ORIGIN_FLUSH);
- if (CONFIG(flags) & CTD_POLL) {
+ if (CONFIG(general).flags & CTD_POLL) {
init_alarm(&STATE(polling_alarm), NULL, do_polling_alarm);
- add_alarm(&STATE(polling_alarm), CONFIG(poll_kernel_secs), 0);
+ add_alarm(&STATE(polling_alarm), CONFIG(nl).poll_secs, 0);
dlog(LOG_NOTICE, "running in polling mode");
} else {
init_alarm(&STATE(resync_alarm), NULL, do_overrun_resync_alarm);
@@ -513,7 +513,7 @@ int ctnl_init(void)
nfct_callback_register2(STATE(event), NFCT_T_ALL,
event_handler, NULL);
- if (CONFIG(flags) & CTD_EXPECT) {
+ if (CONFIG(general).flags & CTD_EXPECT) {
nfexp_callback_register2(STATE(event), NFCT_T_ALL,
exp_event_handler, NULL);
}
diff --git a/src/external_inject.c b/src/external_inject.c
index 0ad3478..1e9b759 100644
--- a/src/external_inject.c
+++ b/src/external_inject.c
@@ -42,7 +42,7 @@ struct {
static int external_inject_init(void)
{
/* handler to directly inject conntracks into kernel-space */
- inject = nfct_open(CONFIG(netlink).subsys_id, 0);
+ inject = nfct_open(CONFIG(nl).subsys_id, 0);
if (inject == NULL) {
dlog(LOG_ERR, "can't open netlink handler: %s",
strerror(errno));
diff --git a/src/internal_bypass.c b/src/internal_bypass.c
index 1194339..7aed9f7 100644
--- a/src/internal_bypass.c
+++ b/src/internal_bypass.c
@@ -52,7 +52,7 @@ static void internal_bypass_ct_dump(int fd, int type)
u_int32_t family = AF_UNSPEC;
int ret;
- h = nfct_open(CONFIG(netlink).subsys_id, 0);
+ h = nfct_open(CONFIG(nl).subsys_id, 0);
if (h == NULL) {
dlog(LOG_ERR, "can't allocate memory for the internal cache");
return;
@@ -183,7 +183,7 @@ static void internal_bypass_exp_dump(int fd, int type)
u_int32_t family = AF_UNSPEC;
int ret;
- h = nfct_open(CONFIG(netlink).subsys_id, 0);
+ h = nfct_open(CONFIG(nl).subsys_id, 0);
if (h == NULL) {
dlog(LOG_ERR, "can't allocate memory for the internal cache");
return;
diff --git a/src/log.c b/src/log.c
index d4de111..7dbdfe8 100644
--- a/src/log.c
+++ b/src/log.c
@@ -29,11 +29,11 @@
int init_log(void)
{
- if (CONFIG(logfile)[0]) {
- STATE(log) = fopen(CONFIG(logfile), "a+");
+ if (CONFIG(general).logfile[0]) {
+ STATE(log) = fopen(CONFIG(general).logfile, "a+");
if (STATE(log) == NULL) {
fprintf(stderr, "ERROR: can't open logfile `%s'."
- "Reason: %s\n", CONFIG(logfile),
+ "Reason: %s\n", CONFIG(general).logfile,
strerror(errno));
return -1;
}
@@ -45,7 +45,7 @@ int init_log(void)
STATE(stats_log) = fopen(CONFIG(stats).logfile, "a+");
if (STATE(stats_log) == NULL) {
fprintf(stderr, "ERROR: can't open logfile `%s'."
- "Reason: %s\n", CONFIG(stats).logfile,
+ "Reason: %s\n", CONFIG(stats).logfile,
strerror(errno));
return -1;
}
@@ -53,9 +53,9 @@ int init_log(void)
setlinebuf(STATE(stats_log));
}
- if (CONFIG(syslog_facility) != -1 ||
+ if (CONFIG(general).syslog_facility != -1 ||
CONFIG(stats).syslog_facility != -1)
- openlog(PACKAGE, LOG_PID, CONFIG(syslog_facility));
+ openlog(PACKAGE, LOG_PID, CONFIG(general).syslog_facility);
return 0;
}
@@ -97,7 +97,7 @@ void dlog(int priority, const char *format, ...)
fflush(fd);
}
- if (CONFIG(syslog_facility) != -1) {
+ if (CONFIG(general).syslog_facility != -1) {
va_start(args, format);
vsyslog(priority, format, args);
va_end(args);
@@ -136,7 +136,7 @@ void dlog_ct(FILE *fd, struct nf_conntrack *ct, unsigned int type)
if (fd == STATE(log)) {
/* error reporting */
- if (CONFIG(syslog_facility) != -1)
+ if (CONFIG(general).syslog_facility != -1)
syslog(LOG_ERR, "%s", tmp);
} else if (fd == STATE(stats_log)) {
/* connection logging */
@@ -173,7 +173,7 @@ void dlog_exp(FILE *fd, struct nf_expect *exp, unsigned int type)
if (fd == STATE(log)) {
/* error reporting */
- if (CONFIG(syslog_facility) != -1)
+ if (CONFIG(general).syslog_facility != -1)
syslog(LOG_ERR, "%s", tmp);
} else if (fd == STATE(stats_log)) {
/* connection logging */
@@ -190,7 +190,7 @@ void close_log(void)
if (STATE(stats_log) != NULL)
fclose(STATE(stats_log));
- if (CONFIG(syslog_facility) != -1 ||
+ if (CONFIG(general).syslog_facility != -1 ||
CONFIG(stats).syslog_facility != -1)
closelog();
}
diff --git a/src/main.c b/src/main.c
index 831a3c2..33abd1d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -328,7 +328,8 @@ int main(int argc, char *argv[])
}
if (type == REQUEST) {
- if (do_local_request(action, &conf.local, local_step) == -1) {
+ if (do_local_request(action, &CONFIG(general).local,
+ local_step) == -1) {
fprintf(stderr, "can't connect: is conntrackd "
"running? appropriate permissions?\n");
exit(EXIT_FAILURE);
@@ -345,10 +346,10 @@ int main(int argc, char *argv[])
/*
* lock file
*/
- ret = open(CONFIG(lockfile), O_CREAT | O_EXCL | O_TRUNC, 0600);
+ ret = open(CONFIG(general).lockfile, O_CREAT | O_EXCL | O_TRUNC, 0600);
if (ret == -1) {
fprintf(stderr, "lockfile `%s' exists, perhaps conntrackd "
- "already running?\n", CONFIG(lockfile));
+ "already running?\n", CONFIG(general).lockfile);
exit(EXIT_FAILURE);
}
close(ret);
@@ -356,14 +357,15 @@ int main(int argc, char *argv[])
/*
* Setting process priority and scheduler
*/
- nice(CONFIG(nice));
+ nice(CONFIG(general).nice);
- if (CONFIG(sched).type != SCHED_OTHER) {
+ if (CONFIG(general).sched_type != SCHED_OTHER) {
struct sched_param schedparam = {
- .sched_priority = CONFIG(sched).prio,
+ .sched_priority = CONFIG(general).sched_prio,
};
- ret = sched_setscheduler(0, CONFIG(sched).type, &schedparam);
+ ret = sched_setscheduler(0, CONFIG(general).sched_type,
+ &schedparam);
if (ret == -1) {
perror("sched");
exit(EXIT_FAILURE);
@@ -378,7 +380,7 @@ int main(int argc, char *argv[])
close_log();
fprintf(stderr, "ERROR: conntrackd cannot start, please "
"check the logfile for more info\n");
- unlink(CONFIG(lockfile));
+ unlink(CONFIG(general).lockfile);
exit(EXIT_FAILURE);
}
diff --git a/src/netlink.c b/src/netlink.c
index bd38d99..6ae7b53 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -33,11 +33,11 @@ struct nfct_handle *nl_init_event_handler(void)
{
struct nfct_handle *h;
- h = nfct_open(CONFIG(netlink).subsys_id, CONFIG(netlink).groups);
+ h = nfct_open(CONFIG(nl).subsys_id, CONFIG(nl).groups);
if (h == NULL)
return NULL;
- if (CONFIG(netlink).events_reliable) {
+ if (CONFIG(nl).events_reliable) {
int on = 1;
setsockopt(nfct_fd(h), SOL_NETLINK,
@@ -51,7 +51,7 @@ struct nfct_handle *nl_init_event_handler(void)
}
if (STATE(filter)) {
- if (CONFIG(filter_from_kernelspace)) {
+ if (CONFIG(nl).filter_from_kernel) {
if (nfct_filter_attach(nfct_fd(h),
STATE(filter)) == -1) {
dlog(LOG_ERR, "cannot set event filtering: %s",
@@ -67,13 +67,12 @@ struct nfct_handle *nl_init_event_handler(void)
fcntl(nfct_fd(h), F_SETFL, O_NONBLOCK);
/* set up socket buffer size */
- if (CONFIG(netlink_buffer_size) &&
- CONFIG(netlink_buffer_size) <=
- CONFIG(netlink_buffer_size_max_grown)) {
+ if (CONFIG(nl).buffer_size &&
+ CONFIG(nl).buffer_size <= CONFIG(nl).buffer_size_max) {
/* we divide netlink_buffer_size by 2 here since value passed
to kernel gets doubled in SO_RCVBUF; see net/core/sock.c */
- CONFIG(netlink_buffer_size) =
- nfnl_rcvbufsiz(nfct_nfnlh(h), CONFIG(netlink_buffer_size)/2);
+ CONFIG(nl).buffer_size =
+ nfnl_rcvbufsiz(nfct_nfnlh(h), CONFIG(nl).buffer_size/2);
} else {
dlog(LOG_NOTICE, "NetlinkBufferSize is either not set or "
"is greater than NetlinkBufferSizeMaxGrowth. "
@@ -86,11 +85,11 @@ struct nfct_handle *nl_init_event_handler(void)
getsockopt(nfct_fd(h), SOL_SOCKET,
SO_RCVBUF, &read_size, &socklen);
- CONFIG(netlink_buffer_size) = read_size;
+ CONFIG(nl).buffer_size = read_size;
}
dlog(LOG_NOTICE, "netlink event socket buffer size has been set "
- "to %u bytes", CONFIG(netlink_buffer_size));
+ "to %u bytes", CONFIG(nl).buffer_size);
return h;
}
@@ -115,7 +114,7 @@ static int warned = 0;
void nl_resize_socket_buffer(struct nfct_handle *h)
{
- unsigned int s = CONFIG(netlink_buffer_size);
+ unsigned int s = CONFIG(nl).buffer_size;
/* already warned that we have reached the maximum buffer size */
if (warned)
@@ -124,7 +123,7 @@ void nl_resize_socket_buffer(struct nfct_handle *h)
/* since sock_setsockopt in net/core/sock.c doubles the size of socket
buffer passed to it using nfnl_rcvbufsiz, only call nfnl_rcvbufsiz
if new value is not greater than netlink_buffer_size_max_grown */
- if (s*2 > CONFIG(netlink_buffer_size_max_grown)) {
+ if (s*2 > CONFIG(nl).buffer_size_max) {
dlog(LOG_WARNING,
"netlink event socket buffer size cannot "
"be doubled further since it will exceed "
@@ -139,16 +138,16 @@ void nl_resize_socket_buffer(struct nfct_handle *h)
return;
}
- CONFIG(netlink_buffer_size) = nfnl_rcvbufsiz(nfct_nfnlh(h), s);
+ CONFIG(nl).buffer_size = nfnl_rcvbufsiz(nfct_nfnlh(h), s);
/* notify the sysadmin */
dlog(LOG_NOTICE, "netlink event socket buffer size has been doubled "
- "to %u bytes", CONFIG(netlink_buffer_size));
+ "to %u bytes", CONFIG(nl).buffer_size);
}
int nl_dump_conntrack_table(struct nfct_handle *h)
{
- return nfct_query(h, NFCT_Q_DUMP, &CONFIG(family));
+ return nfct_query(h, NFCT_Q_DUMP, &CONFIG(general).family);
}
static int
@@ -182,7 +181,7 @@ int nl_flush_conntrack_table_selective(void)
}
nfct_callback_register(h, NFCT_T_ALL, nl_flush_selective_cb, NULL);
- ret = nfct_query(h, NFCT_Q_DUMP, &CONFIG(family));
+ ret = nfct_query(h, NFCT_Q_DUMP, &CONFIG(general).family);
nfct_close(h);
@@ -191,7 +190,7 @@ int nl_flush_conntrack_table_selective(void)
int nl_send_resync(struct nfct_handle *h)
{
- int family = CONFIG(family);
+ int family = CONFIG(general).family;
return nfct_send(h, NFCT_Q_DUMP, &family);
}
@@ -380,16 +379,16 @@ int nl_get_expect(struct nfct_handle *h, const struct nf_expect *exp)
int nl_dump_expect_table(struct nfct_handle *h)
{
- return nfexp_query(h, NFCT_Q_DUMP, &CONFIG(family));
+ return nfexp_query(h, NFCT_Q_DUMP, &CONFIG(general).family);
}
int nl_flush_expect_table(struct nfct_handle *h)
{
- return nfexp_query(h, NFCT_Q_FLUSH, &CONFIG(family));
+ return nfexp_query(h, NFCT_Q_FLUSH, &CONFIG(general).family);
}
int nl_send_expect_resync(struct nfct_handle *h)
{
- int family = CONFIG(family);
+ int family = CONFIG(general).family;
return nfexp_send(h, NFCT_Q_DUMP, &family);
}
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 72a9654..cccbb37 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -116,7 +116,7 @@ line : ignore_protocol
logfile_bool : T_LOG T_ON
{
- strncpy(conf.logfile, DEFAULT_LOGFILE, FILENAME_MAXLEN);
+ strncpy(CONFIG(general).logfile, DEFAULT_LOGFILE, FILENAME_MAXLEN);
};
logfile_bool : T_LOG T_OFF
@@ -125,54 +125,54 @@ logfile_bool : T_LOG T_OFF
logfile_path : T_LOG T_PATH_VAL
{
- strncpy(conf.logfile, $2, FILENAME_MAXLEN);
+ strncpy(CONFIG(general).logfile, $2, FILENAME_MAXLEN);
};
syslog_bool : T_SYSLOG T_ON
{
- conf.syslog_facility = DEFAULT_SYSLOG_FACILITY;
+ CONFIG(general).syslog_facility = DEFAULT_SYSLOG_FACILITY;
};
syslog_bool : T_SYSLOG T_OFF
{
- conf.syslog_facility = -1;
+ CONFIG(general).syslog_facility = -1;
}
syslog_facility : T_SYSLOG T_STRING
{
if (!strcmp($2, "daemon"))
- conf.syslog_facility = LOG_DAEMON;
+ CONFIG(general).syslog_facility = LOG_DAEMON;
else if (!strcmp($2, "local0"))
- conf.syslog_facility = LOG_LOCAL0;
+ CONFIG(general).syslog_facility = LOG_LOCAL0;
else if (!strcmp($2, "local1"))
- conf.syslog_facility = LOG_LOCAL1;
+ CONFIG(general).syslog_facility = LOG_LOCAL1;
else if (!strcmp($2, "local2"))
- conf.syslog_facility = LOG_LOCAL2;
+ CONFIG(general).syslog_facility = LOG_LOCAL2;
else if (!strcmp($2, "local3"))
- conf.syslog_facility = LOG_LOCAL3;
+ CONFIG(general).syslog_facility = LOG_LOCAL3;
else if (!strcmp($2, "local4"))
- conf.syslog_facility = LOG_LOCAL4;
+ CONFIG(general).syslog_facility = LOG_LOCAL4;
else if (!strcmp($2, "local5"))
- conf.syslog_facility = LOG_LOCAL5;
+ CONFIG(general).syslog_facility = LOG_LOCAL5;
else if (!strcmp($2, "local6"))
- conf.syslog_facility = LOG_LOCAL6;
+ CONFIG(general).syslog_facility = LOG_LOCAL6;
else if (!strcmp($2, "local7"))
- conf.syslog_facility = LOG_LOCAL7;
+ CONFIG(general).syslog_facility = LOG_LOCAL7;
else {
print_err(CTD_CFG_WARN, "'%s' is not a known syslog facility, "
"ignoring", $2);
break;
}
- if (conf.stats.syslog_facility != -1 &&
- conf.syslog_facility != conf.stats.syslog_facility)
+ if (CONFIG(stats).syslog_facility != -1 &&
+ CONFIG(general).syslog_facility != CONFIG(stats).syslog_facility)
print_err(CTD_CFG_WARN, "conflicting Syslog facility "
"values, defaulting to General");
};
lock : T_LOCK T_PATH_VAL
{
- strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
+ strncpy(CONFIG(general).lockfile, $2, FILENAME_MAXLEN);
};
strip_nat: T_STRIP_NAT
@@ -182,22 +182,22 @@ strip_nat: T_STRIP_NAT
refreshtime : T_REFRESH T_NUMBER
{
- conf.refresh = $2;
+ CONFIG(sync).alarm_refresh = $2;
};
expiretime: T_EXPIRE T_NUMBER
{
- conf.cache_timeout = $2;
+ CONFIG(sync).alarm_timeout = $2;
};
timeout: T_TIMEOUT T_NUMBER
{
- conf.commit_timeout = $2;
+ CONFIG(nl).commit_timeout = $2;
};
purge: T_PURGE T_NUMBER
{
- conf.purge_timeout = $2;
+ CONFIG(nl).purge_timeout = $2;
};
checksum: T_CHECKSUM T_ON
@@ -208,7 +208,7 @@ checksum: T_CHECKSUM T_ON
* XXX: The use of Checksum outside of the Multicast clause is broken
* if we have more than one dedicated links.
*/
- conf.channel[0].u.mcast.checksum = 0;
+ CONFIG(channel).conf[0].u.mcast.checksum = 0;
};
checksum: T_CHECKSUM T_OFF
@@ -219,7 +219,7 @@ checksum: T_CHECKSUM T_OFF
* XXX: The use of Checksum outside of the Multicast clause is broken
* if we have more than one dedicated links.
*/
- conf.channel[0].u.mcast.checksum = 1;
+ CONFIG(channel).conf[0].u.mcast.checksum = 1;
};
ignore_traffic : T_IGNORE_TRAFFIC '{' ignore_traffic_options '}'
@@ -285,32 +285,32 @@ ignore_traffic_option : T_IPV6_ADDR T_IP
multicast_line : T_MULTICAST '{' multicast_options '}'
{
- if (conf.channel_type_global != CHANNEL_NONE &&
- conf.channel_type_global != CHANNEL_MCAST) {
+ if (CONFIG(channel).type != CHANNEL_NONE &&
+ CONFIG(channel).type != CHANNEL_MCAST) {
print_err(CTD_CFG_ERROR, "cannot use `Multicast' with other "
"dedicated link protocols!");
exit(EXIT_FAILURE);
}
- conf.channel_type_global = CHANNEL_MCAST;
- conf.channel[conf.channel_num].channel_type = CHANNEL_MCAST;
- conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED;
- conf.channel_num++;
+ CONFIG(channel).type = CHANNEL_MCAST;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_type = CHANNEL_MCAST;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_flags = CHANNEL_F_BUFFERED;
+ CONFIG(channel).num++;
};
multicast_line : T_MULTICAST T_DEFAULT '{' multicast_options '}'
{
- if (conf.channel_type_global != CHANNEL_NONE &&
- conf.channel_type_global != CHANNEL_MCAST) {
+ if (CONFIG(channel).type != CHANNEL_NONE &&
+ CONFIG(channel).type != CHANNEL_MCAST) {
print_err(CTD_CFG_ERROR, "cannot use `Multicast' with other "
"dedicated link protocols!");
exit(EXIT_FAILURE);
}
- conf.channel_type_global = CHANNEL_MCAST;
- conf.channel[conf.channel_num].channel_type = CHANNEL_MCAST;
- conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT |
+ CONFIG(channel).type = CHANNEL_MCAST;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_type = CHANNEL_MCAST;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_flags = CHANNEL_F_DEFAULT |
CHANNEL_F_BUFFERED;
- conf.channel_default = conf.channel_num;
- conf.channel_num++;
+ CONFIG(channel).default_num = CONFIG(channel).num;
+ CONFIG(channel).num++;
};
multicast_options :
@@ -320,19 +320,19 @@ multicast_option : T_IPV4_ADDR T_IP
{
__max_dedicated_links_reached();
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.in)) {
+ if (!inet_aton($2, &CONFIG(channel).conf[CONFIG(channel).num].u.mcast.in)) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
break;
}
- if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) {
+ if (CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto == AF_INET6) {
print_err(CTD_CFG_WARN, "your multicast address is IPv4 but "
"is binded to an IPv6 interface? "
"Surely, this is not what you want");
break;
}
- conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto = AF_INET;
};
multicast_option : T_IPV6_ADDR T_IP
@@ -341,7 +341,7 @@ multicast_option : T_IPV6_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.mcast.in) <= 0) {
+ &CONFIG(channel).conf[CONFIG(channel).num].u.mcast.in) <= 0) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
break;
}
@@ -350,17 +350,17 @@ multicast_option : T_IPV6_ADDR T_IP
break;
#endif
- if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET) {
+ if (CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto == AF_INET) {
print_err(CTD_CFG_WARN, "your multicast address is IPv6 but "
"is binded to an IPv4 interface? "
"Surely this is not what you want");
break;
}
- conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto = AF_INET6;
- if (conf.channel[conf.channel_num].channel_ifname[0] &&
- !conf.channel[conf.channel_num].u.mcast.ifa.interface_index6) {
+ if (CONFIG(channel).conf[CONFIG(channel).num].channel_ifname[0] &&
+ !CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ifa.interface_index6) {
unsigned int idx;
idx = if_nametoindex($2);
@@ -370,8 +370,8 @@ multicast_option : T_IPV6_ADDR T_IP
break;
}
- conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx;
- conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ifa.interface_index6 = idx;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto = AF_INET6;
}
};
@@ -379,19 +379,19 @@ multicast_option : T_IPV4_IFACE T_IP
{
__max_dedicated_links_reached();
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.ifa)) {
+ if (!inet_aton($2, &CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ifa)) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
break;
}
- if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) {
+ if (CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto == AF_INET6) {
print_err(CTD_CFG_WARN, "your multicast interface is IPv4 but "
"is binded to an IPv6 interface? "
"Surely, this is not what you want");
break;
}
- conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto = AF_INET;
};
multicast_option : T_IPV6_IFACE T_IP
@@ -405,7 +405,7 @@ multicast_option : T_IFACE T_STRING
__max_dedicated_links_reached();
- strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ);
+ strncpy(CONFIG(channel).conf[CONFIG(channel).num].channel_ifname, $2, IFNAMSIZ);
idx = if_nametoindex($2);
if (!idx) {
@@ -413,9 +413,9 @@ multicast_option : T_IFACE T_STRING
break;
}
- if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) {
- conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx;
- conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6;
+ if (CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto == AF_INET6) {
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ifa.interface_index6 = idx;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.ipproto = AF_INET6;
}
};
@@ -429,61 +429,61 @@ multicast_option : T_BACKLOG T_NUMBER
multicast_option : T_GROUP T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.mcast.port = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.port = $2;
};
multicast_option: T_SNDBUFF T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.mcast.sndbuf = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.sndbuf = $2;
};
multicast_option: T_RCVBUFF T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.mcast.rcvbuf = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.rcvbuf = $2;
};
multicast_option: T_CHECKSUM T_ON
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.mcast.checksum = 0;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.checksum = 0;
};
multicast_option: T_CHECKSUM T_OFF
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.mcast.checksum = 1;
+ CONFIG(channel).conf[CONFIG(channel).num].u.mcast.checksum = 1;
};
udp_line : T_UDP '{' udp_options '}'
{
- if (conf.channel_type_global != CHANNEL_NONE &&
- conf.channel_type_global != CHANNEL_UDP) {
+ if (CONFIG(channel).type != CHANNEL_NONE &&
+ CONFIG(channel).type != CHANNEL_UDP) {
print_err(CTD_CFG_ERROR, "cannot use `UDP' with other "
"dedicated link protocols!");
exit(EXIT_FAILURE);
}
- conf.channel_type_global = CHANNEL_UDP;
- conf.channel[conf.channel_num].channel_type = CHANNEL_UDP;
- conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED;
- conf.channel_num++;
+ CONFIG(channel).type = CHANNEL_UDP;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_type = CHANNEL_UDP;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_flags = CHANNEL_F_BUFFERED;
+ CONFIG(channel).num++;
};
udp_line : T_UDP T_DEFAULT '{' udp_options '}'
{
- if (conf.channel_type_global != CHANNEL_NONE &&
- conf.channel_type_global != CHANNEL_UDP) {
+ if (CONFIG(channel).type != CHANNEL_NONE &&
+ CONFIG(channel).type != CHANNEL_UDP) {
print_err(CTD_CFG_ERROR, "cannot use `UDP' with other "
"dedicated link protocols!");
exit(EXIT_FAILURE);
}
- conf.channel_type_global = CHANNEL_UDP;
- conf.channel[conf.channel_num].channel_type = CHANNEL_UDP;
- conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT |
+ CONFIG(channel).type = CHANNEL_UDP;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_type = CHANNEL_UDP;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_flags = CHANNEL_F_DEFAULT |
CHANNEL_F_BUFFERED;
- conf.channel_default = conf.channel_num;
- conf.channel_num++;
+ CONFIG(channel).default_num = CONFIG(channel).num;
+ CONFIG(channel).num++;
};
udp_options :
@@ -493,11 +493,11 @@ udp_option : T_IPV4_ADDR T_IP
{
__max_dedicated_links_reached();
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) {
+ if (!inet_aton($2, &CONFIG(channel).conf[CONFIG(channel).num].u.udp.server.ipv4)) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
break;
}
- conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.ipproto = AF_INET;
};
udp_option : T_IPV6_ADDR T_IP
@@ -506,7 +506,7 @@ udp_option : T_IPV6_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) {
+ &CONFIG(channel).conf[CONFIG(channel).num].u.udp.server.ipv6) <= 0) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
break;
}
@@ -514,18 +514,18 @@ udp_option : T_IPV6_ADDR T_IP
print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
- conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.ipproto = AF_INET6;
};
udp_option : T_IPV4_DEST_ADDR T_IP
{
__max_dedicated_links_reached();
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.client)) {
+ if (!inet_aton($2, &CONFIG(channel).conf[CONFIG(channel).num].u.udp.client)) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
break;
}
- conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.ipproto = AF_INET;
};
udp_option : T_IPV6_DEST_ADDR T_IP
@@ -534,7 +534,7 @@ udp_option : T_IPV6_DEST_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.udp.client) <= 0) {
+ &CONFIG(channel).conf[CONFIG(channel).num].u.udp.client) <= 0) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
break;
}
@@ -542,7 +542,7 @@ udp_option : T_IPV6_DEST_ADDR T_IP
print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
- conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.ipproto = AF_INET6;
};
udp_option : T_IFACE T_STRING
@@ -550,78 +550,79 @@ udp_option : T_IFACE T_STRING
int idx;
__max_dedicated_links_reached();
- strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ);
+ strncpy(CONFIG(channel).conf[CONFIG(channel).num].channel_ifname, $2, IFNAMSIZ);
idx = if_nametoindex($2);
if (!idx) {
print_err(CTD_CFG_WARN, "%s is an invalid interface", $2);
break;
}
- conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.server.ipv6.scope_id = idx;
};
udp_option : T_PORT T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.udp.port = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.port = $2;
};
udp_option: T_SNDBUFF T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.udp.sndbuf = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.sndbuf = $2;
};
udp_option: T_RCVBUFF T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.udp.rcvbuf = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.rcvbuf = $2;
};
udp_option: T_CHECKSUM T_ON
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.udp.checksum = 0;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.checksum = 0;
};
udp_option: T_CHECKSUM T_OFF
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.udp.checksum = 1;
+ CONFIG(channel).conf[CONFIG(channel).num].u.udp.checksum = 1;
};
tcp_line : T_TCP '{' tcp_options '}'
{
- if (conf.channel_type_global != CHANNEL_NONE &&
- conf.channel_type_global != CHANNEL_TCP) {
+ if (CONFIG(channel).type != CHANNEL_NONE &&
+ CONFIG(channel).type != CHANNEL_TCP) {
print_err(CTD_CFG_ERROR, "cannot use `TCP' with other "
"dedicated link protocols!");
exit(EXIT_FAILURE);
}
- conf.channel_type_global = CHANNEL_TCP;
- conf.channel[conf.channel_num].channel_type = CHANNEL_TCP;
- conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED |
+ CONFIG(channel).type = CHANNEL_TCP;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_type = CHANNEL_TCP;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_flags = CHANNEL_F_BUFFERED |
CHANNEL_F_STREAM |
CHANNEL_F_ERRORS;
- conf.channel_num++;
+ CONFIG(channel).num++;
};
tcp_line : T_TCP T_DEFAULT '{' tcp_options '}'
{
- if (conf.channel_type_global != CHANNEL_NONE &&
- conf.channel_type_global != CHANNEL_TCP) {
+ if (CONFIG(channel).type != CHANNEL_NONE &&
+ CONFIG(channel).type != CHANNEL_TCP) {
print_err(CTD_CFG_ERROR, "cannot use `TCP' with other "
"dedicated link protocols!");
exit(EXIT_FAILURE);
}
- conf.channel_type_global = CHANNEL_TCP;
- conf.channel[conf.channel_num].channel_type = CHANNEL_TCP;
- conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT |
+ CONFIG(channel).type = CHANNEL_TCP;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_type = CHANNEL_TCP;
+ CONFIG(channel).conf[CONFIG(channel).num].channel_flags =
+ CHANNEL_F_DEFAULT |
CHANNEL_F_BUFFERED |
CHANNEL_F_STREAM |
CHANNEL_F_ERRORS;
- conf.channel_default = conf.channel_num;
- conf.channel_num++;
+ CONFIG(channel).default_num = CONFIG(channel).num;
+ CONFIG(channel).num++;
};
tcp_options :
@@ -631,11 +632,11 @@ tcp_option : T_IPV4_ADDR T_IP
{
__max_dedicated_links_reached();
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.server.ipv4)) {
+ if (!inet_aton($2, &CONFIG(channel).conf[CONFIG(channel).num].u.tcp.server.ipv4)) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
break;
}
- conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.ipproto = AF_INET;
};
tcp_option : T_IPV6_ADDR T_IP
@@ -644,7 +645,7 @@ tcp_option : T_IPV6_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.tcp.server.ipv6) <= 0) {
+ &CONFIG(channel).conf[CONFIG(channel).num].u.tcp.server.ipv6) <= 0) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
break;
}
@@ -652,18 +653,18 @@ tcp_option : T_IPV6_ADDR T_IP
print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
- conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.ipproto = AF_INET6;
};
tcp_option : T_IPV4_DEST_ADDR T_IP
{
__max_dedicated_links_reached();
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.client)) {
+ if (!inet_aton($2, &CONFIG(channel).conf[CONFIG(channel).num].u.tcp.client)) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
break;
}
- conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.ipproto = AF_INET;
};
tcp_option : T_IPV6_DEST_ADDR T_IP
@@ -672,7 +673,7 @@ tcp_option : T_IPV6_DEST_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.tcp.client) <= 0) {
+ &CONFIG(channel).conf[CONFIG(channel).num].u.tcp.client) <= 0) {
print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
break;
}
@@ -680,7 +681,7 @@ tcp_option : T_IPV6_DEST_ADDR T_IP
print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
- conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.ipproto = AF_INET6;
};
tcp_option : T_IFACE T_STRING
@@ -688,60 +689,60 @@ tcp_option : T_IFACE T_STRING
int idx;
__max_dedicated_links_reached();
- strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ);
+ strncpy(CONFIG(channel).conf[CONFIG(channel).num].channel_ifname, $2, IFNAMSIZ);
idx = if_nametoindex($2);
if (!idx) {
print_err(CTD_CFG_WARN, "%s is an invalid interface", $2);
break;
}
- conf.channel[conf.channel_num].u.tcp.server.ipv6.scope_id = idx;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.server.ipv6.scope_id = idx;
};
tcp_option : T_PORT T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.tcp.port = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.port = $2;
};
tcp_option: T_SNDBUFF T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.tcp.sndbuf = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.sndbuf = $2;
};
tcp_option: T_RCVBUFF T_NUMBER
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.tcp.rcvbuf = $2;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.rcvbuf = $2;
};
tcp_option: T_CHECKSUM T_ON
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.tcp.checksum = 0;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.checksum = 0;
};
tcp_option: T_CHECKSUM T_OFF
{
__max_dedicated_links_reached();
- conf.channel[conf.channel_num].u.tcp.checksum = 1;
+ CONFIG(channel).conf[CONFIG(channel).num].u.tcp.checksum = 1;
};
tcp_option: T_ERROR_QUEUE_LENGTH T_NUMBER
{
__max_dedicated_links_reached();
- CONFIG(channelc).error_queue_length = $2;
+ CONFIG(channel).error_queue_length = $2;
};
hashsize : T_HASHSIZE T_NUMBER
{
- conf.hashsize = $2;
+ CONFIG(hashtable).buckets = $2;
};
hashlimit: T_HASHLIMIT T_NUMBER
{
- conf.limit = $2;
+ CONFIG(hashtable).max_entries = $2;
};
unix_line: T_UNIX '{' unix_options '}';
@@ -752,12 +753,12 @@ unix_options:
unix_option : T_PATH T_PATH_VAL
{
- strcpy(conf.local.path, $2);
+ strcpy(CONFIG(general).local.path, $2);
};
unix_option : T_BACKLOG T_NUMBER
{
- conf.local.backlog = $2;
+ CONFIG(general).local.backlog = $2;
};
ignore_protocol: T_IGNORE_PROTOCOL '{' ignore_proto_list '}'
@@ -797,12 +798,12 @@ ignore_proto: T_STRING
sync: T_SYNC '{' sync_list '}'
{
- if (conf.flags & CTD_STATS_MODE) {
+ if (CONFIG(general).flags & CTD_STATS_MODE) {
print_err(CTD_CFG_ERROR, "cannot use both `Stats' and `Sync' "
"clauses in conntrackd.conf");
exit(EXIT_FAILURE);
}
- conf.flags |= CTD_SYNC_MODE;
+ CONFIG(general).flags |= CTD_SYNC_MODE;
};
sync_list:
@@ -846,29 +847,29 @@ option: T_TCP_WINDOW_TRACKING T_OFF
option: T_EXPECT_SYNC T_ON
{
- CONFIG(flags) |= CTD_EXPECT;
- CONFIG(netlink).subsys_id = NFNL_SUBSYS_NONE;
- CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW |
- NF_NETLINK_CONNTRACK_UPDATE |
- NF_NETLINK_CONNTRACK_DESTROY |
- NF_NETLINK_CONNTRACK_EXP_NEW |
- NF_NETLINK_CONNTRACK_EXP_UPDATE |
- NF_NETLINK_CONNTRACK_EXP_DESTROY;
+ CONFIG(general).flags |= CTD_EXPECT;
+ CONFIG(nl).subsys_id = NFNL_SUBSYS_NONE;
+ CONFIG(nl).groups = NF_NETLINK_CONNTRACK_NEW |
+ NF_NETLINK_CONNTRACK_UPDATE |
+ NF_NETLINK_CONNTRACK_DESTROY |
+ NF_NETLINK_CONNTRACK_EXP_NEW |
+ NF_NETLINK_CONNTRACK_EXP_UPDATE |
+ NF_NETLINK_CONNTRACK_EXP_DESTROY;
};
option: T_EXPECT_SYNC T_OFF
{
- CONFIG(netlink).subsys_id = NFNL_SUBSYS_CTNETLINK;
- CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW |
- NF_NETLINK_CONNTRACK_UPDATE |
- NF_NETLINK_CONNTRACK_DESTROY;
+ CONFIG(nl).subsys_id = NFNL_SUBSYS_CTNETLINK;
+ CONFIG(nl).groups = NF_NETLINK_CONNTRACK_NEW |
+ NF_NETLINK_CONNTRACK_UPDATE |
+ NF_NETLINK_CONNTRACK_DESTROY;
};
option: T_EXPECT_SYNC '{' expect_list '}'
{
- CONFIG(flags) |= CTD_EXPECT;
- CONFIG(netlink).subsys_id = NFNL_SUBSYS_NONE;
- CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW |
+ CONFIG(general).flags |= CTD_EXPECT;
+ CONFIG(nl).subsys_id = NFNL_SUBSYS_NONE;
+ CONFIG(nl).groups = NF_NETLINK_CONNTRACK_NEW |
NF_NETLINK_CONNTRACK_UPDATE |
NF_NETLINK_CONNTRACK_DESTROY |
NF_NETLINK_CONNTRACK_EXP_NEW |
@@ -886,17 +887,17 @@ expect_item: T_STRING
sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}'
{
- conf.flags |= CTD_SYNC_ALARM;
+ CONFIG(general).flags |= CTD_SYNC_ALARM;
};
sync_mode_ftfw: T_SYNC_MODE T_FTFW '{' sync_mode_ftfw_list '}'
{
- conf.flags |= CTD_SYNC_FTFW;
+ CONFIG(general).flags |= CTD_SYNC_FTFW;
};
sync_mode_notrack: T_SYNC_MODE T_NOTRACK '{' sync_mode_notrack_list '}'
{
- conf.flags |= CTD_SYNC_NOTRACK;
+ CONFIG(general).flags |= CTD_SYNC_NOTRACK;
};
sync_mode_alarm_list:
@@ -958,12 +959,12 @@ resend_buffer_size: T_RESEND_BUFFER_SIZE T_NUMBER
resend_queue_size: T_RESEND_QUEUE_SIZE T_NUMBER
{
- conf.resend_queue_size = $2;
+ CONFIG(sync).resend_queue_size = $2;
};
window_size: T_WINDOWSIZE T_NUMBER
{
- conf.window_size = $2;
+ CONFIG(sync).window_size = $2;
};
destroy_timeout: T_DESTROY_TIMEOUT T_NUMBER
@@ -1126,42 +1127,42 @@ general_line: hashsize
netlink_buffer_size: T_BUFFER_SIZE T_NUMBER
{
- conf.netlink_buffer_size = $2;
+ CONFIG(nl).buffer_size = $2;
};
netlink_buffer_size_max_grown : T_BUFFER_SIZE_MAX_GROWN T_NUMBER
{
- conf.netlink_buffer_size_max_grown = $2;
+ CONFIG(nl).buffer_size_max = $2;
};
netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_ON
{
- conf.nl_overrun_resync = 30;
+ CONFIG(nl).overrun_resync = 30;
};
netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_OFF
{
- conf.nl_overrun_resync = -1;
+ CONFIG(nl).overrun_resync = -1;
};
netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_NUMBER
{
- conf.nl_overrun_resync = $2;
+ CONFIG(nl).overrun_resync = $2;
};
netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_ON
{
- conf.netlink.events_reliable = 1;
+ CONFIG(nl).events_reliable = 1;
};
netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_OFF
{
- conf.netlink.events_reliable = 0;
+ CONFIG(nl).events_reliable = 0;
};
nice : T_NICE T_SIGNED_NUMBER
{
- conf.nice = $2;
+ CONFIG(general).nice = $2;
};
scheduler : T_SCHEDULER '{' scheduler_options '}';
@@ -1173,9 +1174,9 @@ scheduler_options :
scheduler_line : T_TYPE T_STRING
{
if (strcasecmp($2, "rr") == 0) {
- conf.sched.type = SCHED_RR;
+ CONFIG(general).sched_type = SCHED_RR;
} else if (strcasecmp($2, "fifo") == 0) {
- conf.sched.type = SCHED_FIFO;
+ CONFIG(general).sched_type = SCHED_FIFO;
} else {
print_err(CTD_CFG_ERROR, "unknown scheduler `%s'", $2);
exit(EXIT_FAILURE);
@@ -1184,8 +1185,8 @@ scheduler_line : T_TYPE T_STRING
scheduler_line : T_PRIO T_NUMBER
{
- conf.sched.prio = $2;
- if (conf.sched.prio < 0 || conf.sched.prio > 99) {
+ CONFIG(general).sched_prio = $2;
+ if (CONFIG(general).sched_prio < 0 || CONFIG(general).sched_prio > 99) {
print_err(CTD_CFG_ERROR, "`Priority' must be [0, 99]\n", $2);
exit(EXIT_FAILURE);
}
@@ -1194,21 +1195,21 @@ scheduler_line : T_PRIO T_NUMBER
family : T_FAMILY T_STRING
{
if (strncmp($2, "IPv6", strlen("IPv6")) == 0)
- conf.family = AF_INET6;
+ CONFIG(general).family = AF_INET6;
else
- conf.family = AF_INET;
+ CONFIG(general).family = AF_INET;
};
event_iterations_limit : T_EVENT_ITER_LIMIT T_NUMBER
{
- CONFIG(event_iterations_limit) = $2;
+ CONFIG(nl).event_iterations_limit = $2;
};
poll_secs: T_POLL_SECS T_NUMBER
{
- conf.flags |= CTD_POLL;
- conf.poll_kernel_secs = $2;
- if (conf.poll_kernel_secs == 0) {
+ CONFIG(general).flags |= CTD_POLL;
+ CONFIG(nl).poll_secs = $2;
+ if (CONFIG(nl).poll_secs == 0) {
print_err(CTD_CFG_ERROR, "`PollSecs' clause must be > 0");
exit(EXIT_FAILURE);
}
@@ -1216,17 +1217,17 @@ poll_secs: T_POLL_SECS T_NUMBER
filter : T_FILTER '{' filter_list '}'
{
- CONFIG(filter_from_kernelspace) = 0;
+ CONFIG(nl).filter_from_kernel = 0;
};
filter : T_FILTER T_FROM T_USERSPACE '{' filter_list '}'
{
- CONFIG(filter_from_kernelspace) = 0;
+ CONFIG(nl).filter_from_kernel = 0;
};
filter : T_FILTER T_FROM T_KERNELSPACE '{' filter_list '}'
{
- CONFIG(filter_from_kernelspace) = 1;
+ CONFIG(nl).filter_from_kernel = 1;
};
filter_list :
@@ -1497,12 +1498,12 @@ filter_state_item : tcp_states T_FOR T_TCP;
stats: T_STATS '{' stats_list '}'
{
- if (conf.flags & CTD_SYNC_MODE) {
+ if (CONFIG(general).flags & CTD_SYNC_MODE) {
print_err(CTD_CFG_ERROR, "cannot use both `Stats' and `Sync' "
"clauses in conntrackd.conf");
exit(EXIT_FAILURE);
}
- conf.flags |= CTD_STATS_MODE;
+ CONFIG(general).flags |= CTD_STATS_MODE;
};
stats_list:
@@ -1518,7 +1519,7 @@ stat_line: stat_logfile_bool
stat_logfile_bool : T_LOG T_ON
{
- strncpy(conf.stats.logfile, DEFAULT_STATS_LOGFILE, FILENAME_MAXLEN);
+ strncpy(CONFIG(stats).logfile, DEFAULT_STATS_LOGFILE, FILENAME_MAXLEN);
};
stat_logfile_bool : T_LOG T_OFF
@@ -1527,47 +1528,47 @@ stat_logfile_bool : T_LOG T_OFF
stat_logfile_path : T_LOG T_PATH_VAL
{
- strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
+ strncpy(CONFIG(stats).logfile, $2, FILENAME_MAXLEN);
};
stat_syslog_bool : T_SYSLOG T_ON
{
- conf.stats.syslog_facility = DEFAULT_SYSLOG_FACILITY;
+ CONFIG(stats).syslog_facility = DEFAULT_SYSLOG_FACILITY;
};
stat_syslog_bool : T_SYSLOG T_OFF
{
- conf.stats.syslog_facility = -1;
+ CONFIG(stats).syslog_facility = -1;
}
stat_syslog_facility : T_SYSLOG T_STRING
{
if (!strcmp($2, "daemon"))
- conf.stats.syslog_facility = LOG_DAEMON;
+ CONFIG(stats).syslog_facility = LOG_DAEMON;
else if (!strcmp($2, "local0"))
- conf.stats.syslog_facility = LOG_LOCAL0;
+ CONFIG(stats).syslog_facility = LOG_LOCAL0;
else if (!strcmp($2, "local1"))
- conf.stats.syslog_facility = LOG_LOCAL1;
+ CONFIG(stats).syslog_facility = LOG_LOCAL1;
else if (!strcmp($2, "local2"))
- conf.stats.syslog_facility = LOG_LOCAL2;
+ CONFIG(stats).syslog_facility = LOG_LOCAL2;
else if (!strcmp($2, "local3"))
- conf.stats.syslog_facility = LOG_LOCAL3;
+ CONFIG(stats).syslog_facility = LOG_LOCAL3;
else if (!strcmp($2, "local4"))
- conf.stats.syslog_facility = LOG_LOCAL4;
+ CONFIG(stats).syslog_facility = LOG_LOCAL4;
else if (!strcmp($2, "local5"))
- conf.stats.syslog_facility = LOG_LOCAL5;
+ CONFIG(stats).syslog_facility = LOG_LOCAL5;
else if (!strcmp($2, "local6"))
- conf.stats.syslog_facility = LOG_LOCAL6;
+ CONFIG(stats).syslog_facility = LOG_LOCAL6;
else if (!strcmp($2, "local7"))
- conf.stats.syslog_facility = LOG_LOCAL7;
+ CONFIG(stats).syslog_facility = LOG_LOCAL7;
else {
print_err(CTD_CFG_WARN, "'%s' is not a known syslog facility, "
"ignoring.", $2);
break;
}
- if (conf.syslog_facility != -1 &&
- conf.stats.syslog_facility != conf.syslog_facility)
+ if (CONFIG(general).syslog_facility != -1 &&
+ CONFIG(stats).syslog_facility != CONFIG(general).syslog_facility)
print_err(CTD_CFG_WARN, "conflicting Syslog facility "
"values, defaulting to General");
};
@@ -1579,7 +1580,7 @@ buffer_size: T_STAT_BUFFER_SIZE T_NUMBER
helper: T_HELPER '{' helper_list '}'
{
- conf.flags |= CTD_HELPER;
+ CONFIG(general).flags |= CTD_HELPER;
};
helper_list:
@@ -1832,7 +1833,7 @@ static void __kernel_filter_add_state(int value)
static void __max_dedicated_links_reached(void)
{
- if (conf.channel_num >= MULTICHANNEL_MAX) {
+ if (CONFIG(channel).num >= MULTICHANNEL_MAX) {
print_err(CTD_CFG_ERROR, "too many dedicated links in "
"the configuration file "
"(Maximum: %d)", MULTICHANNEL_MAX);
@@ -1850,9 +1851,9 @@ init_config(char *filename)
return -1;
/* Zero may be a valid facility */
- CONFIG(syslog_facility) = -1;
+ CONFIG(general).syslog_facility = -1;
CONFIG(stats).syslog_facility = -1;
- CONFIG(netlink).subsys_id = -1;
+ CONFIG(nl).subsys_id = -1;
/* Initialize list of user-space helpers */
INIT_LIST_HEAD(&CONFIG(cthelper).list);
@@ -1864,51 +1865,52 @@ init_config(char *filename)
fclose(fp);
/* default to IPv4 */
- if (CONFIG(family) == 0)
- CONFIG(family) = AF_INET;
+ if (CONFIG(general).family == 0)
+ CONFIG(general).family = AF_INET;
/* set to default is not specified */
- if (strcmp(CONFIG(lockfile), "") == 0)
- strncpy(CONFIG(lockfile), DEFAULT_LOCKFILE, FILENAME_MAXLEN);
+ if (strcmp(CONFIG(general).lockfile, "") == 0)
+ strncpy(CONFIG(general).lockfile, DEFAULT_LOCKFILE,
+ FILENAME_MAXLEN);
/* default to 180 seconds of expiration time: cache entries */
- if (CONFIG(cache_timeout) == 0)
- CONFIG(cache_timeout) = 180;
+ if (CONFIG(sync).alarm_timeout == 0)
+ CONFIG(sync).alarm_timeout = 180;
/* default to 60 seconds: purge kernel entries */
- if (CONFIG(purge_timeout) == 0)
- CONFIG(purge_timeout) = 60;
+ if (CONFIG(nl).purge_timeout == 0)
+ CONFIG(nl).purge_timeout = 60;
/* default to 60 seconds of refresh time */
- if (CONFIG(refresh) == 0)
- CONFIG(refresh) = 60;
+ if (CONFIG(sync).alarm_refresh == 0)
+ CONFIG(sync).alarm_refresh = 60;
- if (CONFIG(resend_queue_size) == 0)
- CONFIG(resend_queue_size) = 131072;
+ if (CONFIG(sync).resend_queue_size == 0)
+ CONFIG(sync).resend_queue_size = 131072;
/* default to a window size of 300 packets */
- if (CONFIG(window_size) == 0)
- CONFIG(window_size) = 300;
+ if (CONFIG(sync).window_size == 0)
+ CONFIG(sync).window_size = 300;
- if (CONFIG(event_iterations_limit) == 0)
- CONFIG(event_iterations_limit) = 100;
+ if (CONFIG(nl).event_iterations_limit == 0)
+ CONFIG(nl).event_iterations_limit = 100;
/* default number of bucket of the hashtable that are committed in
one run loop. XXX: no option available to tune this value yet. */
- if (CONFIG(general).commit_steps == 0)
- CONFIG(general).commit_steps = 8192;
+ if (CONFIG(nl).commit_steps == 0)
+ CONFIG(nl).commit_steps = 8192;
/* if overrun, automatically resync with kernel after 30 seconds */
- if (CONFIG(nl_overrun_resync) == 0)
- CONFIG(nl_overrun_resync) = 30;
+ if (CONFIG(nl).overrun_resync == 0)
+ CONFIG(nl).overrun_resync = 30;
/* default to 128 elements in the channel error queue */
- if (CONFIG(channelc).error_queue_length == 0)
- CONFIG(channelc).error_queue_length = 128;
+ if (CONFIG(channel).error_queue_length == 0)
+ CONFIG(channel).error_queue_length = 128;
- if (CONFIG(netlink).subsys_id == -1) {
- CONFIG(netlink).subsys_id = NFNL_SUBSYS_CTNETLINK;
- CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW |
+ if (CONFIG(nl).subsys_id == -1) {
+ CONFIG(nl).subsys_id = NFNL_SUBSYS_CTNETLINK;
+ CONFIG(nl).groups = NF_NETLINK_CONNTRACK_NEW |
NF_NETLINK_CONNTRACK_UPDATE |
NF_NETLINK_CONNTRACK_DESTROY;
}
diff --git a/src/run.c b/src/run.c
index 3337694..c558465 100644
--- a/src/run.c
+++ b/src/run.c
@@ -47,14 +47,14 @@ void killer(int foo)
local_server_destroy(&STATE(local));
- if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE))
+ if (CONFIG(general).flags & (CTD_SYNC_MODE | CTD_STATS_MODE))
ctnl_kill();
- if (CONFIG(flags) & CTD_HELPER)
+ if (CONFIG(general).flags & CTD_HELPER)
cthelper_kill();
destroy_fds(STATE(fds));
- unlink(CONFIG(lockfile));
+ unlink(CONFIG(general).lockfile);
dlog(LOG_NOTICE, "---- shutdown received ----");
close_log();
@@ -166,7 +166,7 @@ static void dump_stats_runtime(int fd)
STATE(stats).nl_overrun,
STATE(stats).nl_kernel_table_flush,
STATE(stats).nl_kernel_table_resync,
- CONFIG(netlink_buffer_size),
+ CONFIG(nl).buffer_size,
STATE(stats).child_process_failed,
STATE(stats).child_process_error_segfault,
STATE(stats).child_process_error_term,
@@ -199,10 +199,10 @@ static int local_handler(int fd, void *data)
break;
}
- if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE))
+ if (CONFIG(general).flags & (CTD_SYNC_MODE | CTD_STATS_MODE))
return ctnl_local(fd, type, data);
- if (CONFIG(flags) & CTD_HELPER)
+ if (CONFIG(general).flags & CTD_HELPER)
return cthelper_local(fd, type, data);
return ret;
@@ -226,7 +226,7 @@ init(void)
}
/* local UNIX socket */
- if (local_server_create(&STATE(local), &CONFIG(local)) == -1) {
+ if (local_server_create(&STATE(local), &CONFIG(general).local) == -1) {
dlog(LOG_ERR, "can't open unix socket!");
return -1;
}
@@ -252,11 +252,11 @@ init(void)
return -1;
/* Initialization */
- if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE))
+ if (CONFIG(general).flags & (CTD_SYNC_MODE | CTD_STATS_MODE))
if (ctnl_init() < 0)
return -1;
- if (CONFIG(flags) & CTD_HELPER) {
+ if (CONFIG(general).flags & CTD_HELPER) {
if (cthelper_init() < 0)
return -1;
}
diff --git a/src/sync-alarm.c b/src/sync-alarm.c
index acaf5e6..d32975a 100644
--- a/src/sync-alarm.c
+++ b/src/sync-alarm.c
@@ -35,12 +35,11 @@ struct cache_alarm {
static void alarm_enqueue(struct cache_object *obj, int query);
-static void refresher(struct alarm_block *a, void *data)
+static void alarm_refresher(struct alarm_block *a, void *data)
{
struct cache_object *obj = data;
- add_alarm(a,
- random() % CONFIG(refresh) + 1,
+ add_alarm(a, random() % CONFIG(sync).alarm_refresh + 1,
((random() % 5 + 1) * 200000) - 1);
alarm_enqueue(obj, NET_T_STATE_CT_UPD);
@@ -52,17 +51,15 @@ static void cache_alarm_add(struct cache_object *obj, void *data)
queue_node_init(&ca->qnode, Q_ELEM_OBJ);
ca->obj = obj;
- init_alarm(&ca->alarm, obj, refresher);
- add_alarm(&ca->alarm,
- random() % CONFIG(refresh) + 1,
+ init_alarm(&ca->alarm, obj, alarm_refresher);
+ add_alarm(&ca->alarm, random() % CONFIG(sync).alarm_refresh + 1,
((random() % 5 + 1) * 200000) - 1);
}
static void cache_alarm_update(struct cache_object *obj, void *data)
{
struct cache_alarm *ca = data;
- add_alarm(&ca->alarm,
- random() % CONFIG(refresh) + 1,
+ add_alarm(&ca->alarm, random() % CONFIG(sync).alarm_refresh + 1,
((random() % 5 + 1) * 200000) - 1);
}
diff --git a/src/sync-ftfw.c b/src/sync-ftfw.c
index 1bc2d9f..3f94e71 100644
--- a/src/sync-ftfw.c
+++ b/src/sync-ftfw.c
@@ -148,7 +148,7 @@ static void do_alive_alarm(struct alarm_block *a, void *data)
static int ftfw_init(void)
{
- rs_queue = queue_create("rsqueue", CONFIG(resend_queue_size), 0);
+ rs_queue = queue_create("rsqueue", CONFIG(sync).resend_queue_size, 0);
if (rs_queue == NULL) {
dlog(LOG_ERR, "cannot create rs queue");
return -1;
@@ -158,7 +158,7 @@ static int ftfw_init(void)
add_alarm(&alive_alarm, ALIVE_INT, 0);
/* set ack window size */
- window = CONFIG(window_size);
+ window = CONFIG(sync).window_size;
return 0;
}
@@ -389,7 +389,7 @@ static int ftfw_recv(const struct nethdr *net)
/* we have received a hello while we had data to acknowledge.
* reset the window, the other doesn't know anthing about it. */
if (ack_from_set && before(net->seq, ack_from)) {
- window = CONFIG(window_size) - 1;
+ window = CONFIG(sync).window_size - 1;
ack_from = net->seq;
}
@@ -417,7 +417,7 @@ static int ftfw_recv(const struct nethdr *net)
tx_queue_add_ctlmsg(NET_F_NACK, exp_seq, net->seq-1);
/* count this message as part of the new window */
- window = CONFIG(window_size) - 1;
+ window = CONFIG(sync).window_size - 1;
ack_from = net->seq;
ack_from_set = 1;
break;
@@ -444,7 +444,7 @@ bypass:
if (--window <= 0) {
/* received a window, send an acknowledgement */
tx_queue_add_ctlmsg(NET_F_ACK, ack_from, net->seq);
- window = CONFIG(window_size);
+ window = CONFIG(sync).window_size;
ack_from_set = 0;
}
}
diff --git a/src/sync-mode.c b/src/sync-mode.c
index e69ecfe..942392a 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -255,7 +255,7 @@ static void channel_handler(void *data)
struct channel *c = data;
int k;
- for (k=0; k<CONFIG(event_iterations_limit); k++) {
+ for (k=0; k<CONFIG(nl).event_iterations_limit; k++) {
if (channel_handler_routine(c) == -1) {
break;
}
@@ -370,16 +370,16 @@ static int init_sync(void)
}
memset(state.sync, 0, sizeof(struct ct_sync_state));
- if (CONFIG(flags) & CTD_SYNC_FTFW)
+ if (CONFIG(general).flags & CTD_SYNC_FTFW)
STATE_SYNC(sync) = &sync_ftfw;
- else if (CONFIG(flags) & CTD_SYNC_ALARM)
+ else if (CONFIG(general).flags & CTD_SYNC_ALARM)
STATE_SYNC(sync) = &sync_alarm;
- else if (CONFIG(flags) & CTD_SYNC_NOTRACK)
+ else if (CONFIG(general).flags & CTD_SYNC_NOTRACK)
STATE_SYNC(sync) = &sync_notrack;
else {
fprintf(stderr, "WARNING: No synchronization mode specified. "
"Defaulting to FT-FW mode.\n");
- CONFIG(flags) |= CTD_SYNC_FTFW;
+ CONFIG(general).flags |= CTD_SYNC_FTFW;
STATE_SYNC(sync) = &sync_ftfw;
}
@@ -410,7 +410,7 @@ static int init_sync(void)
/* channel to send events on the wire */
STATE_SYNC(channel) =
- multichannel_open(CONFIG(channel), CONFIG(channel_num));
+ multichannel_open(CONFIG(channel).conf, CONFIG(channel).num);
if (STATE_SYNC(channel) == NULL) {
dlog(LOG_ERR, "can't open channel socket");
return -1;
@@ -451,7 +451,7 @@ static int init_sync(void)
tx_queue_cb, NULL, STATE(fds)) == -1)
return -1;
- STATE_SYNC(commit).h = nfct_open(CONFIG(netlink).subsys_id, 0);
+ STATE_SYNC(commit).h = nfct_open(CONFIG(nl).subsys_id, 0);
if (STATE_SYNC(commit).h == NULL) {
dlog(LOG_ERR, "can't create handler to commit");
return -1;
@@ -607,9 +607,9 @@ static int local_handler_sync(int fd, int type, void *data)
case RESET_TIMERS:
if (!alarm_pending(&STATE_SYNC(reset_cache_alarm))) {
dlog(LOG_NOTICE, "flushing conntrack table in %d secs",
- CONFIG(purge_timeout));
+ CONFIG(nl).purge_timeout);
add_alarm(&STATE_SYNC(reset_cache_alarm),
- CONFIG(purge_timeout), 0);
+ CONFIG(nl).purge_timeout, 0);
}
break;
case CT_FLUSH_CACHE:
@@ -664,7 +664,7 @@ static int local_handler_sync(int fd, int type, void *data)
queue_stats_show(fd);
break;
case EXP_STATS:
- if (!(CONFIG(flags) & CTD_EXPECT))
+ if (!(CONFIG(general).flags & CTD_EXPECT))
break;
STATE(mode)->internal->exp.stats(fd);
@@ -674,7 +674,7 @@ static int local_handler_sync(int fd, int type, void *data)
dump_stats_sync(fd);
break;
case EXP_DUMP_INTERNAL:
- if (!(CONFIG(flags) & CTD_EXPECT))
+ if (!(CONFIG(general).flags & CTD_EXPECT))
break;
if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) {
@@ -683,7 +683,7 @@ static int local_handler_sync(int fd, int type, void *data)
}
break;
case EXP_DUMP_EXTERNAL:
- if (!(CONFIG(flags) & CTD_EXPECT))
+ if (!(CONFIG(general).flags & CTD_EXPECT))
break;
if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) {
@@ -692,7 +692,7 @@ static int local_handler_sync(int fd, int type, void *data)
}
break;
case EXP_COMMIT:
- if (!(CONFIG(flags) & CTD_EXPECT))
+ if (!(CONFIG(general).flags & CTD_EXPECT))
break;
dlog(LOG_NOTICE, "committing expectation cache");
@@ -710,7 +710,7 @@ static int local_handler_sync(int fd, int type, void *data)
dlog(LOG_NOTICE, "flushing caches");
STATE(mode)->internal->ct.flush();
STATE_SYNC(external)->ct.flush();
- if (CONFIG(flags) & CTD_EXPECT) {
+ if (CONFIG(general).flags & CTD_EXPECT) {
STATE(mode)->internal->exp.flush();
STATE_SYNC(external)->exp.flush();
}
@@ -718,7 +718,7 @@ static int local_handler_sync(int fd, int type, void *data)
case ALL_COMMIT:
dlog(LOG_NOTICE, "committing all external caches");
STATE_SYNC(commit).rq[0].cb = STATE_SYNC(external)->ct.commit;
- if (CONFIG(flags) & CTD_EXPECT) {
+ if (CONFIG(general).flags & CTD_EXPECT) {
STATE_SYNC(commit).rq[1].cb =
STATE_SYNC(external)->exp.commit;
} else {
diff --git a/src/sync-notrack.c b/src/sync-notrack.c
index a7df4e7..263f763 100644
--- a/src/sync-notrack.c
+++ b/src/sync-notrack.c
@@ -102,7 +102,7 @@ static void kernel_resync(void)
u_int32_t family = AF_UNSPEC;
int ret;
- h = nfct_open(CONFIG(netlink).subsys_id, 0);
+ h = nfct_open(CONFIG(nl).subsys_id, 0);
if (h == NULL) {
dlog(LOG_ERR, "can't allocate memory for the internal cache");
return;
--
1.7.10.4
