mirror of
https://github.com/torvalds/linux.git
synced 2024-12-27 05:11:48 +00:00
[NETFILTER]: conntrack: add fixed timeout flag in connection tracking
Add a flag in a connection status to have a non updated timeout. This permits to have connection that automatically die at a given time. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
39a27a35c5
commit
997ae831ad
@ -69,6 +69,10 @@ enum ip_conntrack_status {
|
|||||||
/* Connection is dying (removed from lists), can not be unset. */
|
/* Connection is dying (removed from lists), can not be unset. */
|
||||||
IPS_DYING_BIT = 9,
|
IPS_DYING_BIT = 9,
|
||||||
IPS_DYING = (1 << IPS_DYING_BIT),
|
IPS_DYING = (1 << IPS_DYING_BIT),
|
||||||
|
|
||||||
|
/* Connection has fixed timeout. */
|
||||||
|
IPS_FIXED_TIMEOUT_BIT = 10,
|
||||||
|
IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Connection tracking event bits */
|
/* Connection tracking event bits */
|
||||||
|
@ -1130,6 +1130,12 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
|
|||||||
|
|
||||||
write_lock_bh(&ip_conntrack_lock);
|
write_lock_bh(&ip_conntrack_lock);
|
||||||
|
|
||||||
|
/* Only update if this is not a fixed timeout */
|
||||||
|
if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
|
||||||
|
write_unlock_bh(&ip_conntrack_lock);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/* If not in hash table, timer will not be active yet */
|
/* If not in hash table, timer will not be active yet */
|
||||||
if (!is_confirmed(ct)) {
|
if (!is_confirmed(ct)) {
|
||||||
ct->timeout.expires = extra_jiffies;
|
ct->timeout.expires = extra_jiffies;
|
||||||
|
@ -1396,6 +1396,12 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
|
|||||||
|
|
||||||
write_lock_bh(&nf_conntrack_lock);
|
write_lock_bh(&nf_conntrack_lock);
|
||||||
|
|
||||||
|
/* Only update if this is not a fixed timeout */
|
||||||
|
if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
|
||||||
|
write_unlock_bh(&nf_conntrack_lock);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/* If not in hash table, timer will not be active yet */
|
/* If not in hash table, timer will not be active yet */
|
||||||
if (!nf_ct_is_confirmed(ct)) {
|
if (!nf_ct_is_confirmed(ct)) {
|
||||||
ct->timeout.expires = extra_jiffies;
|
ct->timeout.expires = extra_jiffies;
|
||||||
|
Loading…
Reference in New Issue
Block a user