[NETFILTER]: Add support for permanent expectations

A permanent expectation exists until timeing out and can expect multiple related connections. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2005-09-06 15:06:42 -0700
committer: David S. Miller <davem@davemloft.net> 2005-09-06 15:06:42 -0700
commit: 2248bcfcd8fb622ec88b8587d0c1f139635ffd2e (patch)
tree: d3b38076592384bfb69b526f5ec3a8c2222fd4cd /net/ipv4/netfilter/ip_conntrack_core.c
parent: 9261c9b042547d01eeb206cf0e21ce72832245ec (diff)
download: op-kernel-dev-2248bcfcd8fb622ec88b8587d0c1f139635ffd2e.zip
op-kernel-dev-2248bcfcd8fb622ec88b8587d0c1f139635ffd2e.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index a064860..e23e8ca 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -264,10 +264,14 @@ find_expectation(const struct ip_conntrack_tuple *tuple)
 		   master ct never got confirmed, we'd hold a reference to it
 		   and weird things would happen to future packets). */
 		if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
-		    && is_confirmed(i->master)
-		    && del_timer(&i->timeout)) {
-			unlink_expect(i);
-			return i;
+		    && is_confirmed(i->master)) {
+			if (i->flags & IP_CT_EXPECT_PERMANENT) {
+				atomic_inc(&i->use);
+				return i;
+			} else if (del_timer(&i->timeout)) {
+				unlink_expect(i);
+				return i;
+			}
 		}
 	}
 	return NULL;
author	Patrick McHardy <kaber@trash.net>	2005-09-06 15:06:42 -0700
committer	David S. Miller <davem@davemloft.net>	2005-09-06 15:06:42 -0700
commit	2248bcfcd8fb622ec88b8587d0c1f139635ffd2e (patch)
tree	d3b38076592384bfb69b526f5ec3a8c2222fd4cd /net/ipv4/netfilter/ip_conntrack_core.c
parent	9261c9b042547d01eeb206cf0e21ce72832245ec (diff)
download	op-kernel-dev-2248bcfcd8fb622ec88b8587d0c1f139635ffd2e.zip op-kernel-dev-2248bcfcd8fb622ec88b8587d0c1f139635ffd2e.tar.gz