linux/net
Pablo Neira Ayuso 60b5f8f745 netfilter: nf_conntrack: permanently attach timeout policy to conntrack
We need to permanently attach the timeout policy to the conntrack,
otherwise we may apply the custom timeout policy inconsistently.

Without this patch, the following example:

 nfct timeout add test inet icmp timeout 100
 iptables -I PREROUTING -t raw -p icmp -s 1.1.1.1 -j CT --timeout test

Will only apply the custom timeout policy to outgoing packets from
1.1.1.1, but not to reply packets from 2.2.2.2 going to 1.1.1.1.

To fix this issue, this patch modifies the current logic to attach the
timeout policy when the first packet is seen (which is when the
conntrack entry is created). Then, we keep using the attached timeout
policy until the conntrack entry is destroyed.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-03-23 00:52:08 +01:00
..
9p virtio: rename virtqueue_add_buf_gfp to virtqueue_add_buf 2012-01-12 15:44:42 +10:30
802 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
8021q vlan: static functions 2011-12-14 02:39:30 -05:00
appletalk net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
atm ppp: Replace uses of <linux/if_ppp.h> with <linux/ppp-ioctl.h> 2012-03-04 20:41:38 -05:00
ax25 ax25: avoid overflows in ax25_setsockopt() 2011-12-28 14:08:08 -05:00
batman-adv Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge 2012-03-11 15:36:34 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-03-09 14:34:20 -08:00
caif caif: make zero a legal caif connetion id. 2012-03-11 15:38:16 -07:00
can can: remove references to berlios mailinglist 2011-10-17 19:22:46 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-02-02 15:47:33 -08:00
core net: fix napi_reuse_skb() skb reserve 2012-03-21 16:52:09 -04:00
dcb net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
dccp dccp: fix bug in sequence number validation during connection setup 2012-03-03 09:02:52 -07:00
decnet decnet: remove unused variable from dn_output() 2012-02-05 17:44:55 -05:00
dns_resolver KEYS: Allow special keyrings to be cleared 2012-01-19 14:38:51 +11:00
dsa dsa: Move switch drivers to new directory drivers/net/dsa 2011-11-29 00:21:36 -05:00
econet net: Remove all uses of LL_ALLOCATED_SPACE 2011-11-18 14:37:09 -05:00
ethernet eth: reset addr_assign_type if eth_mac_addr() called 2012-02-13 00:46:41 -05:00
ieee802154 net/ieee802154/6lowpan.c: reuse eth_mac_addr() 2012-02-22 14:46:37 -05:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
ipv6 ipv6: fix incorrent ipv6 ipsec packet fragment 2012-03-20 05:39:34 -04:00
ipx net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
irda Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
iucv af_iucv: add shutdown for HS transport 2012-03-07 22:52:24 -08:00
key net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
l2tp Fix pppol2tp getsockname() 2012-03-20 16:12:11 -04:00
lapb
llc llc: Fix race condition in llc_ui_recvmsg 2012-01-24 15:33:19 -05:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
netfilter netfilter: nf_conntrack: permanently attach timeout policy to conntrack 2012-03-23 00:52:08 +01:00
netlabel net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
netlink netlink: allow to pass data pointer to netlink_dump_start() callback 2012-02-26 14:10:44 -05:00
netrom netrom: avoid overflows in nr_setsockopt() 2011-12-28 14:08:08 -05:00
nfc NFC: NCI code identation fixes 2012-03-06 15:16:25 -05:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-03-09 14:34:20 -08:00
packet net: Add framework to allow sending packets with customized CRC. 2012-02-24 01:37:35 -08:00
phonet net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
rds Merge branch 'kmap_atomic' of git://github.com/congwang/linux 2012-03-21 09:40:26 -07:00
rfkill Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-01-05 10:13:24 -05:00
rose net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rxrpc RxRPC: Fix kcalloc parameters swapped 2012-02-14 14:41:55 -05:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
sctp sctp: Export sctp_do_peeloff 2012-03-08 13:52:08 -08:00
sunrpc sunrpc: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:28 +08:00
tipc tipc: Optimize setting of immutable payload message header fields 2012-02-29 11:45:35 -05:00
unix netlink: add netlink_dump_control structure for netlink_dump_start() 2012-02-26 14:10:06 -05:00
wanrouter wanrouter: Remove kernel_lock annotations 2011-11-07 13:27:30 -05:00
wimax net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
wireless cfg80211: clarify timestamp in cfg80211_inform_bss 2012-03-13 14:54:20 -04:00
x25 net:x25: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xfrm netlink: add netlink_dump_control structure for netlink_dump_start() 2012-02-26 14:10:06 -05:00
compat.c net: get rid of some pointless casts to sockaddr 2012-03-11 19:11:22 -07:00
Kconfig net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
Makefile net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
nonet.c
socket.c net: get rid of some pointless casts to sockaddr 2012-03-11 19:11:22 -07:00
sysctl_net.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00