Commit 997ae831 authored by Eric Leblond's avatar Eric Leblond Committed by David S. Miller
Browse files

[NETFILTER]: conntrack: add fixed timeout flag in connection tracking



Add a flag in a connection status to have a non updated timeout.
This permits to have connection that automatically die at a given
time.
Signed-off-by: default avatarEric Leblond <eric@inl.fr>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 39a27a35
...@@ -69,6 +69,10 @@ enum ip_conntrack_status { ...@@ -69,6 +69,10 @@ enum ip_conntrack_status {
/* Connection is dying (removed from lists), can not be unset. */ /* Connection is dying (removed from lists), can not be unset. */
IPS_DYING_BIT = 9, IPS_DYING_BIT = 9,
IPS_DYING = (1 << IPS_DYING_BIT), IPS_DYING = (1 << IPS_DYING_BIT),
/* Connection has fixed timeout. */
IPS_FIXED_TIMEOUT_BIT = 10,
IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
}; };
/* Connection tracking event bits */ /* Connection tracking event bits */
......
...@@ -1130,6 +1130,12 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct, ...@@ -1130,6 +1130,12 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
write_lock_bh(&ip_conntrack_lock); write_lock_bh(&ip_conntrack_lock);
/* Only update if this is not a fixed timeout */
if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
write_unlock_bh(&ip_conntrack_lock);
return;
}
/* If not in hash table, timer will not be active yet */ /* If not in hash table, timer will not be active yet */
if (!is_confirmed(ct)) { if (!is_confirmed(ct)) {
ct->timeout.expires = extra_jiffies; ct->timeout.expires = extra_jiffies;
......
...@@ -1396,6 +1396,12 @@ void __nf_ct_refresh_acct(struct nf_conn *ct, ...@@ -1396,6 +1396,12 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
write_lock_bh(&nf_conntrack_lock); write_lock_bh(&nf_conntrack_lock);
/* Only update if this is not a fixed timeout */
if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
write_unlock_bh(&nf_conntrack_lock);
return;
}
/* If not in hash table, timer will not be active yet */ /* If not in hash table, timer will not be active yet */
if (!nf_ct_is_confirmed(ct)) { if (!nf_ct_is_confirmed(ct)) {
ct->timeout.expires = extra_jiffies; ct->timeout.expires = extra_jiffies;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment