1 files changed, 64 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 70e005992d5..a9073dc1548 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -152,6 +152,52 @@ static int udp_error(struct net *net, struct nf_conn *tmpl, struct sk_buff *skb,
        return NF_ACCEPT;
 }
+#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nfnetlink_cttimeout.h>
+static int udp_timeout_nlattr_to_obj(struct nlattr *tb[], void *data)
+{
+        unsigned int *timeouts = data;
+        /* set default timeouts for UDP. */
+        timeouts[UDP_CT_UNREPLIED] = udp_timeouts[UDP_CT_UNREPLIED];
+        timeouts[UDP_CT_REPLIED] = udp_timeouts[UDP_CT_REPLIED];
+        if (tb[CTA_TIMEOUT_UDP_UNREPLIED]) {
+                timeouts[UDP_CT_UNREPLIED] =
+                        ntohl(nla_get_be32(tb[CTA_TIMEOUT_UDP_UNREPLIED])) * HZ;
+        }
+        if (tb[CTA_TIMEOUT_UDP_REPLIED]) {
+                timeouts[UDP_CT_REPLIED] =
+                        ntohl(nla_get_be32(tb[CTA_TIMEOUT_UDP_REPLIED])) * HZ;
+        }
+        return 0;
+}
+static int
+udp_timeout_obj_to_nlattr(struct sk_buff *skb, const void *data)
+{
+        const unsigned int *timeouts = data;
+        NLA_PUT_BE32(skb, CTA_TIMEOUT_UDP_UNREPLIED,
+                        htonl(timeouts[UDP_CT_UNREPLIED] / HZ));
+        NLA_PUT_BE32(skb, CTA_TIMEOUT_UDP_REPLIED,
+                        htonl(timeouts[UDP_CT_REPLIED] / HZ));
+        return 0;
+nla_put_failure:
+        return -ENOSPC;
+}
+static const struct nla_policy
+udp_timeout_nla_policy[CTA_TIMEOUT_UDP_MAX+1] = {
+       [CTA_TIMEOUT_UDP_UNREPLIED]      = { .type = NLA_U32 },
+       [CTA_TIMEOUT_UDP_REPLIED]        = { .type = NLA_U32 },
+};
+#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 #ifdef CONFIG_SYSCTL
 static unsigned int udp_sysctl_table_users;
 static struct ctl_table_header *udp_sysctl_header;
@@ -211,6 +257,15 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
        .nlattr_tuple_size      = nf_ct_port_nlattr_tuple_size,
        .nla_policy             = nf_ct_port_nla_policy,
 #endif
+#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+        .ctnl_timeout           = {
+                .nlattr_to_obj  = udp_timeout_nlattr_to_obj,
+                .obj_to_nlattr  = udp_timeout_obj_to_nlattr,
+                .nlattr_max     = CTA_TIMEOUT_UDP_MAX,
+                .obj_size       = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
+                .nla_policy     = udp_timeout_nla_policy,
+        },
+#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 #ifdef CONFIG_SYSCTL
        .ctl_table_users        = &udp_sysctl_table_users,
        .ctl_table_header       = &udp_sysctl_header,
@@ -240,6 +295,15 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 __read_mostly =
        .nlattr_tuple_size      = nf_ct_port_nlattr_tuple_size,
        .nla_policy             = nf_ct_port_nla_policy,
 #endif
+#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+        .ctnl_timeout           = {
+                .nlattr_to_obj  = udp_timeout_nlattr_to_obj,
+                .obj_to_nlattr  = udp_timeout_obj_to_nlattr,
+                .nlattr_max     = CTA_TIMEOUT_UDP_MAX,
+                .obj_size       = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
+                .nla_policy     = udp_timeout_nla_policy,
+        },
+#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 #ifdef CONFIG_SYSCTL
        .ctl_table_users        = &udp_sysctl_table_users,
        .ctl_table_header       = &udp_sysctl_header,

diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index 70e005992d5..a9073dc1548 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -152,6 +152,52 @@ static int udp_error(struct net net, struct nf_conn tmpl, struct sk_buff *skb,
152	return NF_ACCEPT;	152	return NF_ACCEPT;
153	}	153	}
154		154
		155	#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
		156
		157	#include <linux/netfilter/nfnetlink.h>
		158	#include <linux/netfilter/nfnetlink_cttimeout.h>
		159
		160	static int udp_timeout_nlattr_to_obj(struct nlattr tb[], void data)
		161	{
		162	unsigned int *timeouts = data;
		163
		164	/* set default timeouts for UDP. */
		165	timeouts[UDP_CT_UNREPLIED] = udp_timeouts[UDP_CT_UNREPLIED];
		166	timeouts[UDP_CT_REPLIED] = udp_timeouts[UDP_CT_REPLIED];
		167
		168	if (tb[CTA_TIMEOUT_UDP_UNREPLIED]) {
		169	timeouts[UDP_CT_UNREPLIED] =
		170	ntohl(nla_get_be32(tb[CTA_TIMEOUT_UDP_UNREPLIED])) * HZ;
		171	}
		172	if (tb[CTA_TIMEOUT_UDP_REPLIED]) {
		173	timeouts[UDP_CT_REPLIED] =
		174	ntohl(nla_get_be32(tb[CTA_TIMEOUT_UDP_REPLIED])) * HZ;
		175	}
		176	return 0;
		177	}
		178
		179	static int
		180	udp_timeout_obj_to_nlattr(struct sk_buff skb, const void data)
		181	{
		182	const unsigned int *timeouts = data;
		183
		184	NLA_PUT_BE32(skb, CTA_TIMEOUT_UDP_UNREPLIED,
		185	htonl(timeouts[UDP_CT_UNREPLIED] / HZ));
		186	NLA_PUT_BE32(skb, CTA_TIMEOUT_UDP_REPLIED,
		187	htonl(timeouts[UDP_CT_REPLIED] / HZ));
		188	return 0;
		189
		190	nla_put_failure:
		191	return -ENOSPC;
		192	}
		193
		194	static const struct nla_policy
		195	udp_timeout_nla_policy[CTA_TIMEOUT_UDP_MAX+1] = {
		196	[CTA_TIMEOUT_UDP_UNREPLIED] = { .type = NLA_U32 },
		197	[CTA_TIMEOUT_UDP_REPLIED] = { .type = NLA_U32 },
		198	};
		199	#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
		200
155	#ifdef CONFIG_SYSCTL	201	#ifdef CONFIG_SYSCTL
156	static unsigned int udp_sysctl_table_users;	202	static unsigned int udp_sysctl_table_users;
157	static struct ctl_table_header *udp_sysctl_header;	203	static struct ctl_table_header *udp_sysctl_header;
@@ -211,6 +257,15 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
211	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,	257	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
212	.nla_policy = nf_ct_port_nla_policy,	258	.nla_policy = nf_ct_port_nla_policy,
213	#endif	259	#endif
		260	#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
		261	.ctnl_timeout = {
		262	.nlattr_to_obj = udp_timeout_nlattr_to_obj,
		263	.obj_to_nlattr = udp_timeout_obj_to_nlattr,
		264	.nlattr_max = CTA_TIMEOUT_UDP_MAX,
		265	.obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
		266	.nla_policy = udp_timeout_nla_policy,
		267	},
		268	#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
214	#ifdef CONFIG_SYSCTL	269	#ifdef CONFIG_SYSCTL
215	.ctl_table_users = &udp_sysctl_table_users,	270	.ctl_table_users = &udp_sysctl_table_users,
216	.ctl_table_header = &udp_sysctl_header,	271	.ctl_table_header = &udp_sysctl_header,
@@ -240,6 +295,15 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 __read_mostly =
240	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,	295	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
241	.nla_policy = nf_ct_port_nla_policy,	296	.nla_policy = nf_ct_port_nla_policy,
242	#endif	297	#endif
		298	#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
		299	.ctnl_timeout = {
		300	.nlattr_to_obj = udp_timeout_nlattr_to_obj,
		301	.obj_to_nlattr = udp_timeout_obj_to_nlattr,
		302	.nlattr_max = CTA_TIMEOUT_UDP_MAX,
		303	.obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
		304	.nla_policy = udp_timeout_nla_policy,
		305	},
		306	#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
243	#ifdef CONFIG_SYSCTL	307	#ifdef CONFIG_SYSCTL
244	.ctl_table_users = &udp_sysctl_table_users,	308	.ctl_table_users = &udp_sysctl_table_users,
245	.ctl_table_header = &udp_sysctl_header,	309	.ctl_table_header = &udp_sysctl_header,