[NEW TARGET] target for modifying conntrack timeout value

Richard richard at o-matrix.org
Thu Dec 9 02:47:37 CET 2004


> +                ct->timeout.expires = new_expires;
>                   ^^^
> 
> Hm I thought that I told you to use ip_ct_refresh... you should. Your
> target will look smarter and you can forget about proper locking...
> which is now completely broken...

Hi Pablo,

Thanks for the comments. I made the modification and attached the latest
copy. Now it uses ip_ct_refresh. The target first reads the existing expire
value, then modify it. If there is something in between, the expire value
might get changed. Even worse, the conntrack state might change. That's why
I locked it first, then read and write, finally unlock. If it is broken,
there is no difference anyway...

Regards,
Richard

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CTEXPIRE.diff
Type: application/octet-stream
Size: 13975 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20041208/375f3ad1/CTEXPIRE-0001.obj


More information about the netfilter-devel mailing list