aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Leblond <eric@inl.fr>2006-05-29 21:24:20 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-06-18 00:28:59 -0400
commit997ae831ade74bdaed4172b1c02060b9efd6e206 (patch)
treefeca25f5c27c47724ecfbcc66f4f437619fb57ed
parent39a27a35c5c1b5be499a0576a35c45a011788bf8 (diff)
[NETFILTER]: conntrack: add fixed timeout flag in connection tracking
Add a flag in a connection status to have a non updated timeout. This permits to have connection that automatically die at a given time. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h4
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c6
-rw-r--r--net/netfilter/nf_conntrack_core.c6
3 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 3ff88c878308..d2e4bd7a7a14 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -69,6 +69,10 @@ enum ip_conntrack_status {
69 /* Connection is dying (removed from lists), can not be unset. */ 69 /* Connection is dying (removed from lists), can not be unset. */
70 IPS_DYING_BIT = 9, 70 IPS_DYING_BIT = 9,
71 IPS_DYING = (1 << IPS_DYING_BIT), 71 IPS_DYING = (1 << IPS_DYING_BIT),
72
73 /* Connection has fixed timeout. */
74 IPS_FIXED_TIMEOUT_BIT = 10,
75 IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
72}; 76};
73 77
74/* Connection tracking event bits */ 78/* Connection tracking event bits */
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index a297da7bbef5..4fe9e69378df 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1130,6 +1130,12 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
1130 1130
1131 write_lock_bh(&ip_conntrack_lock); 1131 write_lock_bh(&ip_conntrack_lock);
1132 1132
1133 /* Only update if this is not a fixed timeout */
1134 if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
1135 write_unlock_bh(&ip_conntrack_lock);
1136 return;
1137 }
1138
1133 /* If not in hash table, timer will not be active yet */ 1139 /* If not in hash table, timer will not be active yet */
1134 if (!is_confirmed(ct)) { 1140 if (!is_confirmed(ct)) {
1135 ct->timeout.expires = extra_jiffies; 1141 ct->timeout.expires = extra_jiffies;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index f9b83f91371a..bc2bd4c3859e 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1396,6 +1396,12 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
1396 1396
1397 write_lock_bh(&nf_conntrack_lock); 1397 write_lock_bh(&nf_conntrack_lock);
1398 1398
1399 /* Only update if this is not a fixed timeout */
1400 if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
1401 write_unlock_bh(&nf_conntrack_lock);
1402 return;
1403 }
1404
1399 /* If not in hash table, timer will not be active yet */ 1405 /* If not in hash table, timer will not be active yet */
1400 if (!nf_ct_is_confirmed(ct)) { 1406 if (!nf_ct_is_confirmed(ct)) {
1401 ct->timeout.expires = extra_jiffies; 1407 ct->timeout.expires = extra_jiffies;