diff options
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index 7c05e7eacbc6..2eb9751eb7a8 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | |||
| @@ -88,25 +88,31 @@ static int icmpv6_print_tuple(struct seq_file *s, | |||
| 88 | ntohs(tuple->src.u.icmp.id)); | 88 | ntohs(tuple->src.u.icmp.id)); |
| 89 | } | 89 | } |
| 90 | 90 | ||
| 91 | static unsigned int *icmpv6_get_timeouts(struct net *net) | ||
| 92 | { | ||
| 93 | return &nf_ct_icmpv6_timeout; | ||
| 94 | } | ||
| 95 | |||
| 91 | /* Returns verdict for packet, or -1 for invalid. */ | 96 | /* Returns verdict for packet, or -1 for invalid. */ |
| 92 | static int icmpv6_packet(struct nf_conn *ct, | 97 | static int icmpv6_packet(struct nf_conn *ct, |
| 93 | const struct sk_buff *skb, | 98 | const struct sk_buff *skb, |
| 94 | unsigned int dataoff, | 99 | unsigned int dataoff, |
| 95 | enum ip_conntrack_info ctinfo, | 100 | enum ip_conntrack_info ctinfo, |
| 96 | u_int8_t pf, | 101 | u_int8_t pf, |
| 97 | unsigned int hooknum) | 102 | unsigned int hooknum, |
| 103 | unsigned int *timeout) | ||
| 98 | { | 104 | { |
| 99 | /* Do not immediately delete the connection after the first | 105 | /* Do not immediately delete the connection after the first |
| 100 | successful reply to avoid excessive conntrackd traffic | 106 | successful reply to avoid excessive conntrackd traffic |
| 101 | and also to handle correctly ICMP echo reply duplicates. */ | 107 | and also to handle correctly ICMP echo reply duplicates. */ |
| 102 | nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_icmpv6_timeout); | 108 | nf_ct_refresh_acct(ct, ctinfo, skb, *timeout); |
| 103 | 109 | ||
| 104 | return NF_ACCEPT; | 110 | return NF_ACCEPT; |
| 105 | } | 111 | } |
| 106 | 112 | ||
| 107 | /* Called when a new connection for this protocol found. */ | 113 | /* Called when a new connection for this protocol found. */ |
| 108 | static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb, | 114 | static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb, |
| 109 | unsigned int dataoff) | 115 | unsigned int dataoff, unsigned int *timeouts) |
| 110 | { | 116 | { |
| 111 | static const u_int8_t valid_new[] = { | 117 | static const u_int8_t valid_new[] = { |
| 112 | [ICMPV6_ECHO_REQUEST - 128] = 1, | 118 | [ICMPV6_ECHO_REQUEST - 128] = 1, |
| @@ -293,6 +299,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly = | |||
| 293 | .invert_tuple = icmpv6_invert_tuple, | 299 | .invert_tuple = icmpv6_invert_tuple, |
| 294 | .print_tuple = icmpv6_print_tuple, | 300 | .print_tuple = icmpv6_print_tuple, |
| 295 | .packet = icmpv6_packet, | 301 | .packet = icmpv6_packet, |
| 302 | .get_timeouts = icmpv6_get_timeouts, | ||
| 296 | .new = icmpv6_new, | 303 | .new = icmpv6_new, |
| 297 | .error = icmpv6_error, | 304 | .error = icmpv6_error, |
| 298 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 305 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |