[PATCH] Fixed timeout for connections

[Eric Leblond]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This set of patches is an implementation of the feature discussed in :
https://lists.netfilter.org/pipermail/netfilter-devel/2006-January/023127.html

Basically, it adds the capability a fixed conntrack timeout from
userspace to be able to define an efficient connection expiration policy.

It only applies for now on ip_conntrack. I will work on nf_conntrack
support afterward if the current code seems correct.

The option -T has been added to the conntrack tool. The command :
 conntrack -U -p tcp -s 192.168.1.2 -d 81.8.121.136 \\
 --orig-port-src 33880 --orig-port-dst 993 -T 300
will force the connection to be destroyed 300 seconds after the call.

fixed_timeout.patch applies to linux git tree
libnetfilter_conntrack_fixed_timeout.patch to libnetfilter_conntrack svn
conntrack_fixed_timeout.patch to conntrack svn

Best regards,
- --
Eric Leblond


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFD5TYOnxA7CdMWjzIRArFcAKCSY2jCP8upI+fon2c5u8xUEgc2jgCfYaX/
pcq6hw4hbx0bRs2TMCojpoE=
=+FUO
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fixed_timeout.patch
Type: text/x-patch
Size: 6527 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20060205/b838daf8/fixed_timeout.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libnetfilter_conntrack_fixed_timeout.patch
Type: text/x-patch
Size: 3867 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20060205/b838daf8/libnetfilter_conntrack_fixed_timeout.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: conntrack_fixed_timeout.patch
Type: text/x-patch
Size: 3326 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20060205/b838daf8/conntrack_fixed_timeout.bin