diff options
author | Patrick McHardy <kaber@trash.net> | 2005-09-06 15:06:42 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-09-06 15:06:42 -0700 |
commit | 2248bcfcd8fb622ec88b8587d0c1f139635ffd2e (patch) | |
tree | d3b38076592384bfb69b526f5ec3a8c2222fd4cd /net/ipv4/netfilter/ip_conntrack_core.c | |
parent | 9261c9b042547d01eeb206cf0e21ce72832245ec (diff) |
[NETFILTER]: Add support for permanent expectations
A permanent expectation exists until timeing out and can expect
multiple related connections.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/ip_conntrack_core.c')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index a0648600190..e23e8ca476c 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c @@ -264,10 +264,14 @@ find_expectation(const struct ip_conntrack_tuple *tuple) master ct never got confirmed, we'd hold a reference to it and weird things would happen to future packets). */ if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask) - && is_confirmed(i->master) - && del_timer(&i->timeout)) { - unlink_expect(i); - return i; + && is_confirmed(i->master)) { + if (i->flags & IP_CT_EXPECT_PERMANENT) { + atomic_inc(&i->use); + return i; + } else if (del_timer(&i->timeout)) { + unlink_expect(i); + return i; + } } } return NULL; |