author | Patrick McHardy <kaber@trash.net> | 2005-09-06 18:06:42 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-09-06 18:06:42 -0400 |
commit | 2248bcfcd8fb622ec88b8587d0c1f139635ffd2e (patch) | |
tree | d3b38076592384bfb69b526f5ec3a8c2222fd4cd /net | |
parent | 9261c9b042547d01eeb206cf0e21ce72832245ec (diff) |
[NETFILTER]: Add support for permanent expectations
A permanent expectation exists until timing out and can expect
multiple related connections.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_amanda.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 12 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_ftp.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_irc.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_tftp.c | 1 |
6 files changed, 13 insertions, 4 deletions
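--- a/net/ipv4/netfilter/ip_conntrack_amanda.c
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c
@@ -108,6 +108,7 @@ static int help(struct sk_buff **pskb,
 }
 
 exp->expectfn = NULL;
+exp->flags = 0;
 
 exp->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
 exp->tuple.src.u.tcp.port = 0;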
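Review bot: `exp->flags = 0;` has to be repeated by every code path that fills in an expectation, because find_expectation in ip_conntrack_core.c now tests `i->flags & IP_CT_EXPECT_PERMANENT` on every match; the same line is added in the ftp, irc, netlink and tftp sections. If the allocator does not zero the structure (it is not visible in this diff), any helper that is missed, including an out-of-tree one, would hand the core an indeterminate flags word and could get permanent, multi-match behaviour by accident. Clearing the field once where the expectation is allocated, or at least a comment next to the flag definition such as `/* helpers must initialise exp->flags before registering */`, would close that gap. The enclosing help() starts and ends outside the hunk.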
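--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -264,10 +264,14 @@ find_expectation(const struct ip_conntrack_tuple *tuple)
 master ct never got confirmed, we'd hold a reference to it
 and weird things would happen to future packets). */
 if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
-&& is_confirmed(i->master)
-&& del_timer(&i->timeout)) {
-unlink_expect(i);
-return i;
+&& is_confirmed(i->master)) {
+if (i->flags & IP_CT_EXPECT_PERMANENT) {
+atomic_inc(&i->use);
+return i;
+} else if (del_timer(&i->timeout)) {
+unlink_expect(i);
+return i;
+}
 }
 }
 return NULL;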
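Review bot: The permanent branch of find_expectation returns an entry that is still on the list with its timer still armed, and relies on `atomic_inc(&i->use)` to keep it alive for the caller, whereas the one-shot branch first stops the timer and calls `unlink_expect(i)`; nothing in the new code states this difference in ownership. A comment above the `atomic_inc`, for example `/* permanent: stays linked with timer running, caller gets its own reference */`, would make clear that the caller must drop a reference in both cases (the caller is not visible here, so this should be confirmed). Unlike the one-shot branch, the permanent branch also does not check whether the timer is still pending, so an entry whose timeout has apparently just fired could still be matched once; a brief note on whether that is intended would help. Since such an entry accepts any number of matching connections until it times out, the flag's documentation should tell helper authors to keep the tuple mask narrow and the timeout short. The function body begins and ends outside the hunk.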
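--- a/net/ipv4/netfilter/ip_conntrack_ftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_ftp.c
@@ -421,6 +421,7 @@ static int help(struct sk_buff **pskb,
 { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
 
 exp->expectfn = NULL;
+exp->flags = 0;
 
 /* Now, NAT might want to mangle the packet, and register the
 * (possibly changed) expectation itself. */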
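--- a/net/ipv4/netfilter/ip_conntrack_irc.c
+++ b/net/ipv4/netfilter/ip_conntrack_irc.c
@@ -221,6 +221,7 @@ static int help(struct sk_buff **pskb,
 { { 0, { 0 } },
 { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
 exp->expectfn = NULL;
+exp->flags = 0;
 if (ip_nat_irc_hook)
 ret = ip_nat_irc_hook(pskb, ctinfo,
 addr_beg_p - ib_ptr,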
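--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1413,6 +1413,7 @@ ctnetlink_create_expect(struct nfattr *cda[])
 }
 
 exp->expectfn = NULL;
+exp->flags = 0;
 exp->master = ct;
 memcpy(&exp->tuple, &tuple, sizeof(struct ip_conntrack_tuple));
 memcpy(&exp->mask, &mask, sizeof(struct ip_conntrack_tuple));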
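--- a/net/ipv4/netfilter/ip_conntrack_tftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_tftp.c
@@ -75,6 +75,7 @@ static int tftp_help(struct sk_buff **pskb,
 exp->mask.dst.u.udp.port = 0xffff;
 exp->mask.dst.protonum = 0xff;
 exp->expectfn = NULL;
+exp->flags = 0;
 
 DEBUGP("expect: ");
 DUMP_TUPLE(&exp->tuple);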