[conntrack-tools PATCH 1/2] conntrackd: consolidate more code to use resync_send()

[conntrack-tools PATCH 1/2] conntrackd: consolidate more code to use resync_send()

[Arturo Borrero Gonzalez]

These digest_msg() functions can use resync_send() as well.

While at it, bring back a call to kernel_resync() in notrack_local() which was
lost in a previous commit.

Fixes: 131df891f77dc75515d5eabdedd9818105d29f5a ("conntrackd: factorize resync operations")
Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
 src/sync-ftfw.c    |    5 +----
 src/sync-notrack.c |   15 +++++++--------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/src/sync-ftfw.c b/src/sync-ftfw.c
index 6fdb058..6dca3dc 100644
--- a/src/sync-ftfw.c
+++ b/src/sync-ftfw.c
@@ -313,10 +313,7 @@ static int digest_msg(const struct nethdr *net)
 
 	} else if (IS_RESYNC(net)) {
 		dlog(LOG_NOTICE, "resync requested by other node");
-		cache_iterate(STATE(mode)->internal->ct.data, NULL,
-			      do_cache_to_tx);
-		cache_iterate(STATE(mode)->internal->exp.data, NULL,
-			      do_cache_to_tx);
+		resync_send(do_cache_to_tx);
 		return MSG_CTL;
 
 	} else if (IS_ALIVE(net))
diff --git a/src/sync-notrack.c b/src/sync-notrack.c
index 7ce62d9..1b53e1b 100644
--- a/src/sync-notrack.c
+++ b/src/sync-notrack.c
@@ -107,7 +107,10 @@ static int notrack_local(int fd, int type, void *data)
 		resync_req();
 		break;
 	case SEND_BULK:
-		resync_send(do_cache_to_tx);
+		if (CONFIG(sync).internal_cache_disable)
+			kernel_resync();
+		else
+			resync_send(do_cache_to_tx);
 		break;
 	default:
 		ret = 0;
@@ -124,14 +127,10 @@ static int digest_msg(const struct nethdr *net)
 
 	if (IS_RESYNC(net)) {
 		dlog(LOG_NOTICE, "resync requested by other node");
-		if (CONFIG(sync).internal_cache_disable) {
+		if (CONFIG(sync).internal_cache_disable)
 			kernel_resync();
-		} else {
-			cache_iterate(STATE(mode)->internal->ct.data,
-				      NULL, do_cache_to_tx);
-			cache_iterate(STATE(mode)->internal->exp.data,
-				      NULL, do_cache_to_tx);
-		}
+		else
+			resync_send(do_cache_to_tx);
 		return MSG_CTL;
 	}
 

[conntrack-tools PATCH 2/2] conntrackd: request resync at startup

[Arturo Borrero Gonzalez]

If a node goes to live, ask the other for resync at startup.
This has to be done usually by hand, but I guess is an operation common
enough to add some bits to ease people life here.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
 conntrackd.conf.5     |   25 +++++++++++++++++++++----
 include/conntrackd.h  |    1 +
 include/resync.h      |    1 +
 src/main.c            |    2 ++
 src/read_config_lex.l |    1 +
 src/read_config_yy.y  |   14 +++++++++++++-
 src/resync.c          |    8 ++++++++
 7 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/conntrackd.conf.5 b/conntrackd.conf.5
index 4a4f2e2..94de327 100644
--- a/conntrackd.conf.5
+++ b/conntrackd.conf.5
@@ -22,7 +22,7 @@
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH CONNTRACKD.CONF 5 "Oct 18, 2016"
+.TH CONNTRACKD.CONF 5 "May 09, 2017"
 
 .SH NAME
 conntrackd.conf \- configuration file for conntrackd daemon
@@ -78,8 +78,8 @@ This mode is based on a reliable protocol that performs message tracking.
 Thus, the protocol can recover from message loss, re-ordering and corruption.
 
 In this synchronization mode you may configure \fBResendQueueSize\fP,
-\fBCommitTimeout\fP, \fBPurgeTimeout\fP, \fBACKWindowSize\fP and
-\fBDisableExternalCache\fP.
+\fBCommitTimeout\fP, \fBPurgeTimeout\fP, \fBACKWindowSize\fP ,
+\fBDisableExternalCache\fP and \fBStartupResync\fP.
 
 .TP
 .BI "ResendQueueSize <value>"
@@ -146,6 +146,18 @@ enabling this option!
 
 By default, this clause is set off.
 
+.TP
+.BI "StartupResync <on|off>"
+Order conntrackd to request a complete conntrack table resync against the other
+node at startup. A single request will be made.
+
+This is useful to get in sync with another node which has been running while we
+were down.
+
+Example: StartupResync on
+
+By default, this clause is set off.
+
 .SS Mode ALARM
 
 This mode is spamming. It is based on a alarm-based protocol that periodically
@@ -185,7 +197,8 @@ ie. unreliable protocol. This protocol sends and receives the state information
 without performing any specific checking.
 
 In this synchronization mode you may configure \fBDisableInternalCache\fP,
-\fBDisableExternalCache\fP, \fBCommitTimeout\fP and \fBPurgeTimeout\fP.
+\fBDisableExternalCache\fP, \fBCommitTimeout\fP, \fBPurgeTimeout\fP and
+\fBStartupResync\fP.
 
 .TP
 .BI "DisableInternalCache <on|off>"
@@ -206,6 +219,10 @@ Same as in \fBFTFW\fP mode.
 .BI "PurgeTimeout <seconds>"
 Same as in \fBFTFW\fP mode.
 
+.TP
+.BI "StartupResync <on|off>"
+Same as in \fBFTFW\fP mode.
+
 .SS MULTICAST
 
 This section indicates to \fBconntrackd(8)\fP to use multicast as transport
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 27e43db..1a7ea66 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -111,6 +111,7 @@ struct ct_conf {
 	int event_iterations_limit;
 	int systemd;
 	int running_mode;
+	int startup_resync;
 	struct {
 		int error_queue_length;
 	} channelc;
diff --git a/include/resync.h b/include/resync.h
index 5986600..827e38a 100644
--- a/include/resync.h
+++ b/include/resync.h
@@ -3,5 +3,6 @@
 
 void resync_req(void);
 void resync_send(int (*do_cache_to_tx)(void *data1, void *data2));
+void resync_at_startup(void);
 
 #endif /*_RESYNC_H_ */
diff --git a/src/main.c b/src/main.c
index 1a57cf8..fb20f1d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -21,6 +21,7 @@
 #include "log.h"
 #include "helper.h"
 #include "systemd.h"
+#include "resync.h"
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -431,6 +432,7 @@ int main(int argc, char *argv[])
 		dlog(LOG_NOTICE, "-- starting in console mode --");
 
 	sd_ct_init();
+	resync_at_startup();
 
 	/*
 	 * run main process
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index a378269..120bc00 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -136,6 +136,7 @@ notrack		[N|n][O|o][T|t][R|r][A|a][C|c][K|k]
 "ExpectMax"			{ return T_HELPER_EXPECT_MAX; }
 "ExpectTimeout"			{ return T_HELPER_EXPECT_TIMEOUT; }
 "Systemd"			{ return T_SYSTEMD; }
+"StartupResync"			{ return T_STARTUP_RESYNC; }
 
 {is_on}			{ return T_ON; }
 {is_off}		{ return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 2c08d4e..3bb7c5f 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -81,7 +81,7 @@ enum {
 %token T_OPTIONS T_TCP_WINDOW_TRACKING T_EXPECT_SYNC
 %token T_HELPER T_HELPER_QUEUE_NUM T_HELPER_QUEUE_LEN T_HELPER_POLICY
 %token T_HELPER_EXPECT_TIMEOUT T_HELPER_EXPECT_MAX
-%token T_SYSTEMD
+%token T_SYSTEMD T_STARTUP_RESYNC
 
 %token <string> T_IP T_PATH_VAL
 %token <val> T_NUMBER
@@ -768,6 +768,7 @@ sync_mode_ftfw_line: resend_queue_size
 		   | purge
 		   | window_size
 		   | disable_external_cache
+		   | startup_resync
 		   ;
 
 sync_mode_notrack_list:
@@ -777,6 +778,7 @@ sync_mode_notrack_line: timeout
 		      | purge
 		      | disable_internal_cache
 		      | disable_external_cache
+		      | startup_resync
 		      ;
 
 disable_internal_cache: T_DISABLE_INTERNAL_CACHE T_ON
@@ -804,6 +806,16 @@ resend_queue_size: T_RESEND_QUEUE_SIZE T_NUMBER
 	conf.resend_queue_size = $2;
 };
 
+startup_resync: T_STARTUP_RESYNC T_ON
+{
+	conf.startup_resync = 1;
+};
+
+startup_resync: T_STARTUP_RESYNC T_OFF
+{
+	conf.startup_resync = 0;
+};
+
 window_size: T_WINDOWSIZE T_NUMBER
 {
 	conf.window_size = $2;
diff --git a/src/resync.c b/src/resync.c
index dbb2b6f..5394245 100644
--- a/src/resync.c
+++ b/src/resync.c
@@ -38,3 +38,11 @@ void resync_send(int (*do_cache_to_tx)(void *data1, void *data2))
 	cache_iterate(STATE(mode)->internal->exp.data,
 		      NULL, do_cache_to_tx);
 }
+
+void resync_at_startup(void)
+{
+	if (CONFIG(startup_resync) == 0)
+		return;
+
+	resync_req();
+}

Re: [conntrack-tools PATCH 1/2] conntrackd: consolidate more code to use resync_send()

[Pablo Neira Ayuso]

On Tue, May 09, 2017 at 09:41:10AM +0200, Arturo Borrero Gonzalez wrote:
> These digest_msg() functions can use resync_send() as well.
> 
> While at it, bring back a call to kernel_resync() in notrack_local() which was
> lost in a previous commit.

Applied, thanks.

Re: [conntrack-tools PATCH 2/2] conntrackd: request resync at startup

[Pablo Neira Ayuso]

On Tue, May 09, 2017 at 09:41:15AM +0200, Arturo Borrero Gonzalez wrote:
> If a node goes to live, ask the other for resync at startup.
> This has to be done usually by hand, but I guess is an operation common
> enough to add some bits to ease people life here.

Also applied, thanks.