[PATCH conntrackd 1/2] conntrackd: Remove obsolete rule to catch ambiguous Checksum option

[PATCH conntrackd 1/2] conntrackd: Remove obsolete rule to catch ambiguous Checksum option

[Pablo Neira Ayuso]

This warning has been there for long time, and the example files we
provide already come with the right syntax, so remove this old chunk.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/read_config_yy.y | 23 -----------------------
 1 file changed, 23 deletions(-)

diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 97f905d13091..2c08d4e5b1b3 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -185,28 +185,6 @@ purge: T_PURGE T_NUMBER
 	conf.purge_timeout = $2;
 };
 
-checksum: T_CHECKSUM T_ON 
-{
-	dlog(LOG_WARNING, "the use of `Checksum' outside the "
-	     "`Multicast' clause is ambiguous");
-	/* 
-	 * XXX: The use of Checksum outside of the Multicast clause is broken
-	 *	if we have more than one dedicated links.
-	 */
-	conf.channel[0].u.mcast.checksum = 0;
-};
-
-checksum: T_CHECKSUM T_OFF
-{
-	dlog(LOG_WARNING, "the use of `Checksum' outside the "
-	     "`Multicast' clause is ambiguous");
-	/*
-	 * XXX: The use of Checksum outside of the Multicast clause is broken
-	 *	if we have more than one dedicated links.
-	 */
-	conf.channel[0].u.mcast.checksum = 1;
-};
-
 multicast_line : T_MULTICAST '{' multicast_options '}'
 {
 	if (conf.channel_type_global != CHANNEL_NONE &&
@@ -693,7 +671,6 @@ sync_line: refreshtime
 	 | expiretime
 	 | timeout
 	 | purge
-	 | checksum
 	 | multicast_line
 	 | udp_line
 	 | tcp_line
-- 
2.1.4

[PATCH conntrackd 2/2] conntrackd: CommitTimeout breaks DisableExternalCache set On

[Pablo Neira Ayuso]

This patch introduces a new evaluate() function that can be used to spot
inconsistent configurations.

Don't allow CommitTimeout with DisableExternalCache On since this
results in EINVAL errors. CommitTimeout makes no sense with no external
cache.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/conntrackd.h |  1 +
 src/main.c           | 11 +++++++++++
 src/run.c            | 13 +++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/include/conntrackd.h b/include/conntrackd.h
index f995f4b69b72..27e43db871bf 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -300,6 +300,7 @@ extern struct ct_mode stats_mode;
 
 /* These live in run.c */
 void killer(int foo);
+int evaluate(void);
 int init(void);
 void select_main_loop(void);
 
diff --git a/src/main.c b/src/main.c
index febeaa929f6b..1a57cf8c886c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -382,6 +382,17 @@ int main(int argc, char *argv[])
 	}
 
 	/*
+	 * Evaluate configuration
+	 */
+	if (evaluate() == -1) {
+		dlog(LOG_ERR, "conntrackd cannot start, please review your "
+		     "configuration");
+		close_log();
+		unlink(CONFIG(lockfile));
+		exit(EXIT_FAILURE);
+	}
+
+	/*
 	 * initialization process
 	 */
 
diff --git a/src/run.c b/src/run.c
index b71369b5bc75..1fe6cbaaff6f 100644
--- a/src/run.c
+++ b/src/run.c
@@ -221,6 +221,19 @@ static void local_cb(void *data)
 	do_local_server_step(&STATE(local), NULL, local_handler);
 }
 
+int evaluate(void)
+{
+	if (CONFIG(sync).external_cache_disable &&
+	    CONFIG(commit_timeout)) {
+		dlog(LOG_WARNING, "`CommitTimeout' can't be combined with "
+		     "`DisableExternalCache', ignoring this option. "
+		     "Fix your configuration file.");
+		CONFIG(commit_timeout) = 0;
+	}
+
+	return 0;
+}
+
 int
 init(void)
 {
-- 
2.1.4