[NETFILTER]: conntrack: add fixed timeout flag in connection tracking
authorEric Leblond <eric@inl.fr>
Tue, 30 May 2006 01:24:20 +0000 (18:24 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Sun, 18 Jun 2006 04:28:59 +0000 (21:28 -0700)
Add a flag to the connection status so that its timeout is not updated.
This makes it possible to have connections that automatically die at a
given time.

Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter/nf_conntrack_common.h
net/ipv4/netfilter/ip_conntrack_core.c
net/netfilter/nf_conntrack_core.c

index 3ff88c8783083fc620a880ecfbdb44d7840cc8f2..d2e4bd7a7a1423b9c23a12f4e048cc89cb391b3a 100644 (file)
@@ -69,6 +69,10 @@ enum ip_conntrack_status {
        /* Connection is dying (removed from lists), can not be unset. */
        IPS_DYING_BIT = 9,
        IPS_DYING = (1 << IPS_DYING_BIT),
+
+       /* Connection has fixed timeout. */
+       IPS_FIXED_TIMEOUT_BIT = 10,
+       IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
 };
 
 /* Connection tracking event bits */
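Review bot: The comment on IPS_FIXED_TIMEOUT_BIT does not say what "fixed" means for the code that honours it, or who may set the bit, whereas the neighbouring IPS_DYING comment states its constraint ("can not be unset"). Nothing in this commit sets the flag, so it is presumably set from outside the conntrack core (to be confirmed), and whoever can set it decides how long the entry lives regardless of traffic. I would spell that out, e.g. `/* Connection has fixed timeout: the refresh functions leave the timer untouched, so the entry expires at the time already set. */`, and state whether the bit may be cleared again once set.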
index a297da7bbef5dc735d1c68d57fe35b1db901d820..4fe9e69378dfce7dbd729ab6b561899581891d51 100644 (file)
@@ -1130,6 +1130,12 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
 
        write_lock_bh(&ip_conntrack_lock);
 
+       /* Only update if this is not a fixed timeout */
+       if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
+               write_unlock_bh(&ip_conntrack_lock);
+               return;
+       }
+
        /* If not in hash table, timer will not be active yet */
        if (!is_confirmed(ct)) {
                ct->timeout.expires = extra_jiffies;
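Review bot: The early return added after `write_lock_bh()` skips everything that follows the timer update, and the name `__ip_ct_refresh_acct` suggests per-packet accounting is done later in the same body, which lies outside this hunk. If so, connections flagged IPS_FIXED_TIMEOUT would stop counting packets and bytes, which weakens accounting-based monitoring for exactly the flows that were given a hard lifetime. Consider skipping only the timer update, e.g. `if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) goto acct;` with an `acct:` label placed in front of the accounting code, which also leaves a single unlock path. The same applies to the identical hunk in `__nf_ct_refresh_acct` in net/netfilter/nf_conntrack_core.c.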
index f9b83f91371ac27ac2c127fea81ed0bbc6e4f0c5..bc2bd4c3859eb23c8cbcf0f8d378bb51cbb74767 100644 (file)
@@ -1396,6 +1396,12 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
 
        write_lock_bh(&nf_conntrack_lock);
 
+       /* Only update if this is not a fixed timeout */
+       if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
+               write_unlock_bh(&nf_conntrack_lock);
+               return;
+       }
+
        /* If not in hash table, timer will not be active yet */
        if (!nf_ct_is_confirmed(ct)) {
                ct->timeout.expires = extra_jiffies;