Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: nf_conntrack: add nf_ct_timeout_lookup

This patch adds the new nf_ct_timeout_lookup function to encapsulate
the timeout policy attachment that is called in the nf_conntrack_in
path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+21 -6
+20
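--- a/include/net/netfilter/nf_conntrack_timeout.h
+++ b/include/net/netfilter/nf_conntrack_timeout.h
@@ -55,6 +55,26 @@
 #endif
 };
 
+static inline unsigned int *
+nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct,
+		     struct nf_conntrack_l4proto *l4proto)
+{
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
+	struct nf_conn_timeout *timeout_ext;
+	unsigned int *timeouts;
+
+	timeout_ext = nf_ct_timeout_find(ct);
+	if (timeout_ext)
+		timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);
+	else
+		timeouts = l4proto->get_timeouts(net);
+
+	return timeouts;
+#else
+	return l4proto->get_timeouts(net);
+#endif
+}
+
 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 extern int nf_conntrack_timeout_init(struct net *net);
 extern void nf_conntrack_timeout_fini(struct net *net);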
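Review bot: nf_ct_timeout_lookup() becomes a header-level helper without any comment stating its contract, and both branches dereference `l4proto->get_timeouts` unconditionally. A short kernel-doc block above it should say that `ct` and `l4proto` must be non-NULL, that the result is the array from the flow's timeout extension when one is attached and whatever `l4proto->get_timeouts(net)` returns otherwise, and that the returned array is borrowed rather than owned by the caller. What keeps the extension data alive is not visible in this hunk, so the comment should also name the protection (presumably the RCU read side held on the nf_conntrack_in path) that keeps the array valid while it is in use. Because the selected array decides how long a conntrack entry stays in the table, spelling out the fallback helps anyone auditing timeout policy.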
+1 -6
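--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -930,7 +930,6 @@
 	enum ip_conntrack_info ctinfo;
 	struct nf_conntrack_l3proto *l3proto;
 	struct nf_conntrack_l4proto *l4proto;
-	struct nf_conn_timeout *timeout_ext;
 	unsigned int *timeouts;
 	unsigned int dataoff;
 	u_int8_t protonum;
@@ -996,11 +997,7 @@
 	NF_CT_ASSERT(skb->nfct);
 
 	/* Decide what timeout policy we want to apply to this flow. */
-	timeout_ext = nf_ct_timeout_find(ct);
-	if (timeout_ext)
-		timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);
-	else
-		timeouts = l4proto->get_timeouts(net);
+	timeouts = nf_ct_timeout_lookup(net, ct, l4proto);
 
 	ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum, timeouts);
 	if (ret <= 0) {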