check timer active
Pablo Neira
pablo at eurodev.net
Sun Dec 5 22:00:25 CET 2004
Richard wrote:
>> Hi,
>>
>>On Sat, 2004-12-04 at 15:55 +0100, Henrik Nordstrom wrote:
>>
>>
>>>>ct->timeout->list.next != NULL
>>>>
>>>>test_bit(IPS_CONFIRMED_BIT, &ct->status)
>>>>
>>>>
>>>The two is at most if not all times equal as all active conntrack
>>>
>>>
>>entries
>>
>>
>>>have a timeout of some sort, but maybe it is possible for the timeout to
>>>be established before the conntrack becomes confirmed or something..
>>>
>>>
>> It is definitely possible if you use ct_sync. Replicated entries on
>>the slave nodes do not have their timers started, but are in the hash
>>tables.
>>
>>
>>
>
>I am writing a new target to manipulate the expire value of a conntrack,
>i.e. (ct->timeout.expires). If the expire timeout is not fired, it uses the
>timeout value. If it is, it uses jiffies+timeout. In order to check what
>state it is at, I'd use "ct->timeout->list.next!=NULL)", right?
>
>
better use ip_ct_refresh_acct to manipulate a conntrack timer.
--
Pablo
More information about the netfilter-devel
mailing list