[NEW TARGET] target for modifying conntrack timeout value
pablo at eurodev.net
Mon Dec 13 22:14:45 CET 2004
>>From: Richard [mailto:richard at o-matrix.org]
>>Sent: Wednesday, December 08, 2004 3:48 PM
>>To: 'Pablo Neira'
>>Cc: 'netfilter-devel at lists.netfilter.org'
>>Subject: RE: [NEW TARGET] target for modifying conntrack timeout value
>>>+ ct->timeout.expires = new_expires;
>>>Hm I thought that I told you to use ip_ct_refresh... you should. Your
>>>target will look smarter and you can forget about proper locking...
>>>which is now completely broken...
>>Thanks for the comments. I made the modification and attached the latest
>>copy. Now it uses ip_ct_refresh. The target first reads the existing
>>expire value, then modify it. If there is something in between, the expire
>>value might get changed. Even worse, the conntrack state might change.
>>That's why I locked it first, then read and write, finally unlock. If it
>>is broken, there is no difference anyway...
>Just wonder if there is any update on this please...
sorry, I'm busy as hell right now. But I'll go through it as soon as I
find some spare time. Reviewing your target is still in my todo list.
Please, be patient.
More information about the netfilter-devel