From 17e6e4eac070607a35464ea7e2c5eceac32e5eca Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 2 Jun 2009 20:08:46 +0200 Subject: netfilter: conntrack: simplify event caching system This patch simplifies the conntrack event caching system by removing several events: * IPCT_[*]_VOLATILE, IPCT_HELPINFO and IPCT_NATINFO has been deleted since the have no clients. * IPCT_COUNTER_FILLING which is a leftover of the 32-bits counter days. * IPCT_REFRESH which is not of any use since we always include the timeout in the messages. After this patch, the existing events are: * IPCT_NEW, IPCT_RELATED and IPCT_DESTROY, that are used to identify addition and deletion of entries. * IPCT_STATUS, that notes that the status bits have changes, eg. IPS_SEEN_REPLY and IPS_ASSURED. * IPCT_PROTOINFO, that reports that internal protocol information has changed, eg. the TCP, DCCP and SCTP protocol state. * IPCT_HELPER, that a helper has been assigned or unassigned to this entry. * IPCT_MARK and IPCT_SECMARK, that reports that the mark has changed, this covers the case when a mark is set to zero. * IPCT_NATSEQADJ, to report that there's updates in the NAT sequence adjustment. Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_conntrack_ecache.h | 36 +++++------------------------ 1 file changed, 6 insertions(+), 30 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h index 892b8cd..2e17a2d 100644 --- a/include/net/netfilter/nf_conntrack_ecache.h +++ b/include/net/netfilter/nf_conntrack_ecache.h @@ -26,52 +26,28 @@ enum ip_conntrack_events IPCT_DESTROY_BIT = 2, IPCT_DESTROY = (1 << IPCT_DESTROY_BIT), - /* Timer has been refreshed */ - IPCT_REFRESH_BIT = 3, - IPCT_REFRESH = (1 << IPCT_REFRESH_BIT), - /* Status has changed */ - IPCT_STATUS_BIT = 4, + IPCT_STATUS_BIT = 3, IPCT_STATUS = (1 << IPCT_STATUS_BIT), /* Update of protocol info */ - IPCT_PROTOINFO_BIT = 5, + IPCT_PROTOINFO_BIT = 4, IPCT_PROTOINFO = (1 << IPCT_PROTOINFO_BIT), - /* Volatile protocol info */ - IPCT_PROTOINFO_VOLATILE_BIT = 6, - IPCT_PROTOINFO_VOLATILE = (1 << IPCT_PROTOINFO_VOLATILE_BIT), - /* New helper for conntrack */ - IPCT_HELPER_BIT = 7, + IPCT_HELPER_BIT = 5, IPCT_HELPER = (1 << IPCT_HELPER_BIT), - /* Update of helper info */ - IPCT_HELPINFO_BIT = 8, - IPCT_HELPINFO = (1 << IPCT_HELPINFO_BIT), - - /* Volatile helper info */ - IPCT_HELPINFO_VOLATILE_BIT = 9, - IPCT_HELPINFO_VOLATILE = (1 << IPCT_HELPINFO_VOLATILE_BIT), - - /* NAT info */ - IPCT_NATINFO_BIT = 10, - IPCT_NATINFO = (1 << IPCT_NATINFO_BIT), - - /* Counter highest bit has been set, unused */ - IPCT_COUNTER_FILLING_BIT = 11, - IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), - /* Mark is set */ - IPCT_MARK_BIT = 12, + IPCT_MARK_BIT = 6, IPCT_MARK = (1 << IPCT_MARK_BIT), /* NAT sequence adjustment */ - IPCT_NATSEQADJ_BIT = 13, + IPCT_NATSEQADJ_BIT = 7, IPCT_NATSEQADJ = (1 << IPCT_NATSEQADJ_BIT), /* Secmark is set */ - IPCT_SECMARK_BIT = 14, + IPCT_SECMARK_BIT = 8, IPCT_SECMARK = (1 << IPCT_SECMARK_BIT), }; -- cgit v1.1