diff options
author | Florian Westphal <fw@strlen.de> | 2016-07-06 14:53:06 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-08 14:55:14 +0200 |
commit | c8607e020014cf11a61601a0005270bad81cabdf (patch) | |
tree | 9e2c1565bebf826797ff8998124548f828f4b318 /net | |
parent | 9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 (diff) | |
download | op-kernel-dev-c8607e020014cf11a61601a0005270bad81cabdf.zip op-kernel-dev-c8607e020014cf11a61601a0005270bad81cabdf.tar.gz |
netfilter: nft_ct: fix expiration getter
We need to compute timeout.expires - jiffies, not the other way around.
Add a helper, another patch can then later change more places in
conntrack code where we currently open-code this.
Will allow us to only change one place later when we remove per-ct timer.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nft_ct.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index 137e308..81fbb45 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -54,7 +54,6 @@ static void nft_ct_get_eval(const struct nft_expr *expr, const struct nf_conn_help *help; const struct nf_conntrack_tuple *tuple; const struct nf_conntrack_helper *helper; - long diff; unsigned int state; ct = nf_ct_get(pkt->skb, &ctinfo); @@ -94,10 +93,7 @@ static void nft_ct_get_eval(const struct nft_expr *expr, return; #endif case NFT_CT_EXPIRATION: - diff = (long)jiffies - (long)ct->timeout.expires; - if (diff < 0) - diff = 0; - *dest = jiffies_to_msecs(diff); + *dest = jiffies_to_msecs(nf_ct_expires(ct)); return; case NFT_CT_HELPER: if (ct->master == NULL) |