[conntrack-tools] conntrackd: request resync at startup

Submitted by Arturo Borrero Gonzalez on April 20, 2017, 5:21 p.m.

Details

Message ID 149270883020.981.11533592085958035807.stgit@nfdev2.cica.es
State Under Review
Delegated to: Pablo Neira

Commit Message

Arturo Borrero Gonzalez April 20, 2017, 5:21 p.m.
If a node goes live, ask the other node for a resync at startup.
This usually has to be done by hand, but I guess it is an operation common
enough to add some bits to make people's lives easier here.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---

NOTE: this patch belongs to the previous series, but I forgot to include it

 conntrackd.conf.5     |   18 +++++++++++++++++-
 include/conntrackd.h  |    1 +
 include/resync.h      |    1 +
 src/main.c            |    2 ++
 src/read_config_lex.l |    1 +
 src/read_config_yy.y  |   14 +++++++++++++-
 src/resync.c          |    8 ++++++++
 7 files changed, 43 insertions(+), 2 deletions(-)




diff --git a/conntrackd.conf.5 b/conntrackd.conf.5
index 6ac0fb6..b757661 100644
--- a/conntrackd.conf.5
+++ b/conntrackd.conf.5
@@ -22,7 +22,7 @@ 
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH CONNTRACKD.CONF 5 "Oct 18, 2016"
+.TH CONNTRACKD.CONF 5 "Apr 20, 2017"
 
 .SH NAME
 conntrackd.conf \- configuration file for conntrackd daemon
@@ -146,6 +146,18 @@  enabling this option!
 
 By default, this clause is set off.
 
+.TP
+.BI "StartupResync <on|off>"
+Order conntrackd to request a complete conntrack table resync against the other
+node at startup. A single request will be made.
+
+This is useful to get in sync with another node which has been running while we
+were down.
+
+Example: StartupResync on
+
+By default, this clause is set off.
+
 .SS Mode ALARM
 
 This mode is spamming. It is based on a alarm-based protocol that periodically
@@ -215,6 +227,10 @@  Same as in \fBFTFW\fP mode.
 .BI "PurgeTimeout <seconds>"
 Same as in \fBFTFW\fP mode.
 
+.TP
+.BI "StartupResync <on|off>"
+Same as in \fBFTFW\fP mode.
+
 .SS MULTICAST
 
 This section indicates to \fBconntrackd(8)\fP to use multicast as transport
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 4cfb373..6d2d293 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -112,6 +112,7 @@  struct ct_conf {
 	int systemd;
 	int running_mode;
 	int request_resync;
+	int startup_resync;
 	struct {
 		int error_queue_length;
 	} channelc;
diff --git a/include/resync.h b/include/resync.h
index 75cd7dd..8423858 100644
--- a/include/resync.h
+++ b/include/resync.h
@@ -4,5 +4,6 @@ 
 void resync_req(void);
 void resync_send(int (*do_cache_to_tx)(void *data1, void *data2));
 void resync_run_init(void);
+void resync_at_startup(void);
 
 #endif /*_RESYNC_H_ */
diff --git a/src/main.c b/src/main.c
index 1a57cf8..fb20f1d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -21,6 +21,7 @@ 
 #include "log.h"
 #include "helper.h"
 #include "systemd.h"
+#include "resync.h"
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -431,6 +432,7 @@  int main(int argc, char *argv[])
 		dlog(LOG_NOTICE, "-- starting in console mode --");
 
 	sd_ct_init();
+	resync_at_startup();
 
 	/*
 	 * run main process
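Review bot: `resync_at_startup()` is called from `main()` on every start, before the main process loop begins, and nothing in this hunk ties the call to the sync running mode or to the sync channel being usable yet. The only guard is `CONFIG(startup_resync)`, which the grammar sets in the FTFW and NOTRACK sections, so other modes rely on the field defaulting to 0; that default is not visible here and is worth confirming. Because the man page promises a single request, a request issued before the peer link is ready would presumably be lost with no retry, leaving a firewall node with a stale state table when it takes over. A short comment above the call, such as `/* one-shot resync request; no-op unless StartupResync is on */`, would record the intent. `main()` starts and ends outside this hunk.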
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 664b818..46db263 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -137,6 +137,7 @@  notrack		[N|n][O|o][T|t][R|r][A|a][C|c][K|k]
 "ExpectTimeout"			{ return T_HELPER_EXPECT_TIMEOUT; }
 "Systemd"			{ return T_SYSTEMD; }
 "RequestResync"			{ return T_REQUEST_RESYNC; }
+"StartupResync"			{ return T_STARTUP_RESYNC; }
 
 {is_on}			{ return T_ON; }
 {is_off}		{ return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 0509bd3..2b5e72a 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -81,7 +81,7 @@  enum {
 %token T_OPTIONS T_TCP_WINDOW_TRACKING T_EXPECT_SYNC
 %token T_HELPER T_HELPER_QUEUE_NUM T_HELPER_QUEUE_LEN T_HELPER_POLICY
 %token T_HELPER_EXPECT_TIMEOUT T_HELPER_EXPECT_MAX
-%token T_SYSTEMD T_REQUEST_RESYNC
+%token T_SYSTEMD T_REQUEST_RESYNC T_STARTUP_RESYNC
 
 %token <string> T_IP T_PATH_VAL
 %token <val> T_NUMBER
@@ -768,6 +768,7 @@  sync_mode_ftfw_line: resend_queue_size
 		   | purge
 		   | window_size
 		   | disable_external_cache
+		   | startup_resync
 		   ;
 
 sync_mode_notrack_list:
@@ -778,6 +779,7 @@  sync_mode_notrack_line: timeout
 		      | disable_internal_cache
 		      | disable_external_cache
 		      | request_resync
+		      | startup_resync
 		      ;
 
 disable_internal_cache: T_DISABLE_INTERNAL_CACHE T_ON
@@ -810,6 +812,16 @@  request_resync: T_REQUEST_RESYNC T_NUMBER
 	conf.request_resync = $2;
 };
 
+startup_resync: T_STARTUP_RESYNC T_ON
+{
+	conf.startup_resync = 1;
+};
+
+startup_resync: T_STARTUP_RESYNC T_OFF
+{
+	conf.startup_resync = 0;
+};
+
 window_size: T_WINDOWSIZE T_NUMBER
 {
 	conf.window_size = $2;
diff --git a/src/resync.c b/src/resync.c
index 4310d6b..28e978b 100644
--- a/src/resync.c
+++ b/src/resync.c
@@ -59,3 +59,11 @@  void resync_run_init(void)
 	init_alarm(&resync_run_alarm, NULL,  resync_run);
 	add_alarm(&resync_run_alarm, CONFIG(request_resync), 0);
 }
+
+void resync_at_startup(void)
+{
+	if (CONFIG(startup_resync) == 0)
+		return;
+
+	resync_req();
+}
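Review bot: `resync_at_startup()` issues the request silently, so an operator has no log record that the node asked its peer for a full table at boot. Unless `resync_req()` already logs, which this hunk does not show, adding `dlog(LOG_NOTICE, "requesting resync at startup");` before `resync_req();` would give that trail. `dlog` is used this way in src/main.c, but confirm that resync.c includes log.h. The function also has no header comment; `/* Request one full resync from the peer if StartupResync is on. */` would cover it. Since `resync_req()` returns void, the outcome cannot be checked here and a lost request is not retried, which deserves a mention in that comment.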