¡¾×ªÌûLINUX¡¿netfilterÖеÄconntrackÄÚºËÔĶÁ±Ê¼Ç(4)

2008-07-07 22:09
3£¬init_conntrack£º
init_conntrackÓÃÓÚ´´½¨Ò»¸öеÄip_conntrack£¬²¢¶ÔÆä½øÐгõʼ»¯¡£
/*1,ÿһ¸öÁ¬½Ó°üº¬Á½¸ötuple£¬originalºÍreply£¬ip_ct_invert_tuple ¸ù¾Ý´«ÈëµÄoriginal tuple»ñÈ¡Æäreply tuple£¬Æä×îÖÕ½«µ÷ÓÃËùÊôЭÒéµÄinvert_tuple Íê³É´¦Àí*/
   if (!ip_ct_invert_tuple(&repl_tuple, tuple, protocol)) {
     DEBUGP("Can't invert tuple.\n");
     return NULL;
}
/*2,´ÓcacheÖÐΪconntrack·ÖÅäÄڴ棬²¢½øÐÐͨÓõijõʼ»¯£¬Èç³õʼ»¯tuplehash¡¢timeoutºÍct_general£»Èç¹ûµ±Ç°Á¬½ÓÊýÒÑ´ïÉÏÏÞ£¬Ôòµ÷ÓÃearly_dropÊÍ·ÅtupleËùÔÚhashÁ´ÉϵÄδӦ´ðÏî*/
   conntrack = ip_conntrack_alloc(tuple, &repl_tuple);
/*3,µ÷ÓÃËùÊôЭÒéµÄnewº¯Êý£¬¸ù¾Ý±¨ÎÄÊý¾Ý£¬³õʼ»¯conntrack£¬ºÍЭÒéÏà¹ØµÄ˽Óд¦Àí£¬½«·Åµ½¶Ô¾ßÌåЭÒétcp·ÖÎöʱÌÖÂÛ*/
   if (!protocol->new(conntrack, skb)) {
     ip_conntrack_free(conntrack);
     return NULL;
}
/*4,expectºÍhelper¾ùºÍ¶¯Ì¬Ð­ÒéÏà¹Ø£¬½«ÔÚ·ÖÎöftpЭÒéʱ×öÖصã½éÉÜ*/
   exp = find_expectation(tuple);
if (exp) {
     …
} else {
     conntrack->helper = __ip_conntrack_helper_find(&repl_tuple);
     CONNTRACK_STAT_INC(new);
}
…
write_unlock_bh(&ip_conntrack_lock);
if (exp) {
     …
}
/*5,½«original tuple·Åµ½unconfirmedÁ´ÉÏ£¿£¿*/   list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed);
 
4£¬tuplehash_to_ctrack:
tuplehash_to_ctrackÕâ¸öº¯ÊýÖ÷ÒªÓÃÀ´½«È«¾ÖÁ¬½Ó±íÖлñÈ¡µÄhashtupleת»»³ÉÏàÓ¦µÄip_conntrack½á¹¹¡£ËüʹÓÃÁËcontainer_ofÕâ¸öºêÀ´Íê³É´¦ÀíµÄ¡£container_ofͨ¹ý½á¹¹ÖÐij¸ö³ÉÔ±µÄÖ¸Õ룬À´»ñÈ¡½á¹¹µÄÖ¸Õë¡£ËüµÄʵÏַdz£ÓÐȤ£º
/*1,½«½á¹¹ÌåÇ¿ÖÆÔÚ0µØÖ·Õ¹¿ª£¬´Ó¶ø»ñÈ¡ÆämemberµÄÆ«ÒÆÁ¿*/
   #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
/*2,¸ù¾ÝmemberµÄÖ¸Õëptr£¬¼õÈ¥ÆäÏà¶ÔÆ«ÒÆÁ¿£¬¼´»ñµÃÁËÆäËÞÖ÷½á¹¹conntrackµÄÖ¸Õë*/
   #define container_of(p