author | Eric Leblond <eric@inl.fr> | 2006-05-29 21:24:20 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-06-18 00:28:59 -0400 |
commit | 997ae831ade74bdaed4172b1c02060b9efd6e206 (patch) | |
tree | feca25f5c27c47724ecfbcc66f4f437619fb57ed | |
parent | 39a27a35c5c1b5be499a0576a35c45a011788bf8 (diff) |
[NETFILTER]: conntrack: add fixed timeout flag in connection tracking
Add a flag to the connection status so that the timeout is not updated.
This makes it possible to have connections that automatically die at a
given time.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/netfilter/nf_conntrack_common.h | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 6 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 6 |
3 files changed, 16 insertions, 0 deletions
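--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -69,6 +69,10 @@ enum ip_conntrack_status {
 /* Connection is dying (removed from lists), can not be unset. */
 IPS_DYING_BIT = 9,
 IPS_DYING = (1 << IPS_DYING_BIT),
+
+/* Connection has fixed timeout. */
+IPS_FIXED_TIMEOUT_BIT = 10,
+IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
 };
 
 /* Connection tracking event bits */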
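Review bot: The comment on `IPS_FIXED_TIMEOUT_BIT` does not say what the flag changes or whether it may be cleared once set, unlike the `IPS_DYING_BIT` comment just above it, which states "can not be unset". I would spell the contract out, for example `/* Connection has a fixed timeout: the refresh path leaves the timer untouched, so the entry expires at the time already set. */`. No code in this commit sets the bit, so the comment should also name the intended setter. A flag that stops timeout refresh changes how long an entry stays in the table, and readers of this header need to know who controls that.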
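--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1130,6 +1130,12 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
 
 write_lock_bh(&ip_conntrack_lock);
 
+/* Only update if this is not a fixed timeout */
+if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
+write_unlock_bh(&ip_conntrack_lock);
+return;
+}
+
 /* If not in hash table, timer will not be active yet */
 if (!is_confirmed(ct)) {
 ct->timeout.expires = extra_jiffies;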
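Review bot: The early `return` added right after `write_lock_bh()` skips everything in `__ip_ct_refresh_acct()` that follows the timeout update, and the `_acct` suffix suggests per-connection accounting happens later in the function, outside this hunk. If so, connections with `IPS_FIXED_TIMEOUT` set would no longer be counted, which weakens any byte- or packet-based policy or flow logging that relies on those counters. I would bypass only the timer refresh, e.g. `if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) goto acct;` with an `acct:` label in front of the accounting block, so the function keeps a single unlock path. The identical check added to `__nf_ct_refresh_acct()` in net/netfilter/nf_conntrack_core.c has the same problem. Both function bodies start and end outside their hunks, so this needs confirming against the full functions.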
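--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1396,6 +1396,12 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
 
 write_lock_bh(&nf_conntrack_lock);
 
+/* Only update if this is not a fixed timeout */
+if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
+write_unlock_bh(&nf_conntrack_lock);
+return;
+}
+
 /* If not in hash table, timer will not be active yet */
 if (!nf_ct_is_confirmed(ct)) {
 ct->timeout.expires = extra_jiffies;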