[NEW TARGET] target for modifying conntrack timeout value

Richard richard at o-matrix.org
Mon Dec 13 22:10:11 CET 2004



> -----Original Message-----
> From: Richard [mailto:richard at o-matrix.org]
> Sent: Wednesday, December 08, 2004 3:48 PM
> To: 'Pablo Neira'
> Cc: 'netfilter-devel at lists.netfilter.org'
> Subject: RE: [NEW TARGET] target for modifying conntrack timeout value
> 
> > +                ct->timeout.expires = new_expires;
> >                   ^^^
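Review bot: the `+` line assigns `ct->timeout.expires` directly, and writing the `expires` field of a timer that may already be pending does not re-queue it and can race with the timer firing. Drop the assignment and pass the new value to `ip_ct_refresh()`, as suggested in this thread, so the timer update and its locking happen in one place.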
> >
> > Hm I thought that I told you to use ip_ct_refresh... you should. Your
> > target will look smarter and you can forget about proper locking...
> > which is now completely broken...
> 
> Hi Pablo,
> 
> Thanks for the comments. I made the modification and attached the latest
> copy. Now it uses ip_ct_refresh. The target first reads the existing
> expire value, then modifies it. If there is something in between, the expire
> value might get changed. Even worse, the conntrack state might change.
> That's why I locked it first, then read and write, finally unlock. If it
> is broken, there is no difference anyway...
> 

Just wondering if there is any update on this, please...

Thanks,
Richard
