From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH conntrackd 2/2] conntrackd: CommitTimeout breaks DisableExternalCache set On
Date: Fri, 10 Mar 2017 10:41:48 +0100 [thread overview]
Message-ID: <1489138908-3822-2-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1489138908-3822-1-git-send-email-pablo@netfilter.org>
This patch introduces a new evaluate() function that can be used to spot
inconsistent configurations.
Don't allow CommitTimeout with DisableExternalCache On since this
results in EINVAL errors. CommitTimeout makes no sense with no external
cache.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/conntrackd.h | 1 +
src/main.c | 11 +++++++++++
src/run.c | 13 +++++++++++++
3 files changed, 25 insertions(+)
diff --git a/include/conntrackd.h b/include/conntrackd.h
index f995f4b69b72..27e43db871bf 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -300,6 +300,7 @@ extern struct ct_mode stats_mode;
/* These live in run.c */
void killer(int foo);
+int evaluate(void);
int init(void);
void select_main_loop(void);
diff --git a/src/main.c b/src/main.c
index febeaa929f6b..1a57cf8c886c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -382,6 +382,17 @@ int main(int argc, char *argv[])
}
/*
+ * Evaluate configuration
+ */
+ if (evaluate() == -1) {
+ dlog(LOG_ERR, "conntrackd cannot start, please review your "
+ "configuration");
+ close_log();
+ unlink(CONFIG(lockfile));
+ exit(EXIT_FAILURE);
+ }
+
+ /*
* initialization process
*/
diff --git a/src/run.c b/src/run.c
index b71369b5bc75..1fe6cbaaff6f 100644
--- a/src/run.c
+++ b/src/run.c
@@ -221,6 +221,19 @@ static void local_cb(void *data)
do_local_server_step(&STATE(local), NULL, local_handler);
}
+int evaluate(void)
+{
+ if (CONFIG(sync).external_cache_disable &&
+ CONFIG(commit_timeout)) {
+ dlog(LOG_WARNING, "`CommitTimeout' can't be combined with "
+ "`DisableExternalCache', ignoring this option. "
+ "Fix your configuration file.");
+ CONFIG(commit_timeout) = 0;
+ }
+
+ return 0;
+}
+
int
init(void)
{
--
2.1.4
prev parent reply other threads:[~2017-03-10 9:41 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-10 9:41 [PATCH conntrackd 1/2] conntrackd: Remove obsolete rule to catch ambiguous Checksum option Pablo Neira Ayuso
2017-03-10 9:41 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1489138908-3822-2-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).