[netfilter-cvslog] r3709 -
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter
laforge at netfilter.org
laforge at netfilter.org
Tue Feb 15 04:21:30 CET 2005
Author: laforge at netfilter.org
Date: 2005-02-15 04:21:29 +0100 (Tue, 15 Feb 2005)
New Revision: 3709
Modified:
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c
Log:
[NETFILTER]: Make expectations timeouts compulsory
This patch simplifies the code by always having expectation timeouts.
Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c 2005-02-15 03:17:44 UTC (rev 3708)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c 2005-02-15 03:21:29 UTC (rev 3709)
@@ -395,7 +395,7 @@
and weird things would happen to future packets). */
if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
&& is_confirmed(i->master)
- && (!i->timeout.function || del_timer(&i->timeout))) {
+ && del_timer(&i->timeout)) {
unlink_expect(i);
return i;
}
@@ -413,8 +413,7 @@
return;
list_for_each_entry_safe(i, tmp, &nf_conntrack_expect_list, list) {
- if (i->master == ct
- && (!i->timeout.function || del_timer(&i->timeout))) {
+ if (i->master == ct && del_timer(&i->timeout)) {
unlink_expect(i);
destroy_expect(i);
}
@@ -988,8 +987,7 @@
WRITE_LOCK(&nf_conntrack_lock);
/* choose the the oldest expectation to evict */
list_for_each_entry_reverse(i, &nf_conntrack_expect_list, list) {
- if (expect_matches(i, exp)
- && (!i->timeout.function || del_timer(&i->timeout))) {
+ if (expect_matches(i, exp) && del_timer(&i->timeout)) {
unlink_expect(i);
WRITE_UNLOCK(&nf_conntrack_lock);
destroy_expect(i);
@@ -1043,7 +1041,7 @@
list_for_each_entry_reverse(i, &nf_conntrack_expect_list, list) {
if (i->master == master) {
- if (!i->timeout.function || del_timer(&i->timeout)) {
+ if (del_timer(&i->timeout)) {
unlink_expect(i);
destroy_expect(i);
}
@@ -1054,9 +1052,6 @@
static inline int refresh_timer(struct nf_conntrack_expect *i)
{
- if (!i->timeout.function)
- return 1;
-
if (!del_timer(&i->timeout))
return 0;
@@ -1122,6 +1117,8 @@
int nf_conntrack_helper_register(struct nf_conntrack_helper *me)
{
int ret;
+ BUG_ON(me->timeout == 0);
+
ret = nf_conntrack_register_cache(NF_CT_F_HELP, "nf_conntrack:help",
sizeof(struct nf_conn)
+ sizeof(union nf_conntrack_help)
@@ -1157,12 +1154,9 @@
/* Get rid of expectations */
list_for_each_entry_safe(exp, tmp, &nf_conntrack_expect_list, list) {
- if (exp->master->helper == me) {
- if (!exp->timeout.function
- || del_timer(&exp->timeout)) {
- unlink_expect(exp);
- destroy_expect(exp);
- }
+ if (exp->master->helper == me && del_timer(&exp->timeout)) {
+ unlink_expect(exp);
+ destroy_expect(exp);
}
}
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c 2005-02-15 03:17:44 UTC (rev 3708)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c 2005-02-15 03:21:29 UTC (rev 3709)
@@ -652,7 +652,7 @@
ftp[i][j].mask.src.u.tcp.port = 0xFFFF;
ftp[i][j].mask.dst.protonum = 0xFFFF;
ftp[i][j].max_expected = 1;
- ftp[i][j].timeout = 0;
+ ftp[i][j].timeout = 5 * 60; /* 5 Minutes */
ftp[i][j].me = nf_conntrack_ftp;
ftp[i][j].help = help;
tmpname = &ftp_names[i][j][0];
More information about the netfilter-cvslog
mailing list