netfilter: nf_ct_ext: add timeout extension

#endif

#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP

	NF_CT_EXT_TSTAMP,

#endif

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

	NF_CT_EXT_TIMEOUT,

#endif

	NF_CT_EXT_NUM,

};

#define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache

#define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone

#define NF_CT_EXT_TSTAMP_TYPE struct nf_conn_tstamp

#define NF_CT_EXT_TIMEOUT_TYPE struct nf_conn_timeout

/* Extensions: optional stuff which isn't permanently in struct. */

struct nf_ct_ext {

#ifndef _NF_CONNTRACK_TIMEOUT_H

#define _NF_CONNTRACK_TIMEOUT_H

#include <net/net_namespace.h>

#include <linux/netfilter/nf_conntrack_common.h>

#include <linux/netfilter/nf_conntrack_tuple_common.h>

#include <net/netfilter/nf_conntrack.h>

#include <net/netfilter/nf_conntrack_extend.h>

#define CTNL_TIMEOUT_NAME_MAX	32

struct ctnl_timeout {

	struct list_head	head;

	struct rcu_head		rcu_head;

	atomic_t		refcnt;

	char			name[CTNL_TIMEOUT_NAME_MAX];

	__u16			l3num;

	__u8			l4num;

	char			data[0];

};

struct nf_conn_timeout {

	struct ctnl_timeout	*timeout;

};

#define NF_CT_TIMEOUT_EXT_DATA(__t) (unsigned int *) &((__t)->timeout->data)

static inline

struct nf_conn_timeout *nf_ct_timeout_find(const struct nf_conn *ct)

{

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

	return nf_ct_ext_find(ct, NF_CT_EXT_TIMEOUT);

#else

	return NULL;

#endif

}

static inline

struct nf_conn_timeout *nf_ct_timeout_ext_add(struct nf_conn *ct,

					      struct ctnl_timeout *timeout,

					      gfp_t gfp)

{

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

	struct nf_conn_timeout *timeout_ext;

	timeout_ext = nf_ct_ext_add(ct, NF_CT_EXT_TIMEOUT, gfp);

	if (timeout_ext == NULL)

		return NULL;

	timeout_ext->timeout = timeout;

	return timeout_ext;

#else

	return NULL;

#endif

};

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

extern int nf_conntrack_timeout_init(struct net *net);

extern void nf_conntrack_timeout_fini(struct net *net);

#else

static inline int nf_conntrack_timeout_init(struct net *net)

{

        return 0;

}

static inline void nf_conntrack_timeout_fini(struct net *net)

{

        return;

}

#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

extern struct ctnl_timeout *(*nf_ct_timeout_find_get_hook)(const char *name);

extern void (*nf_ct_timeout_put_hook)(struct ctnl_timeout *timeout);

#endif

#endif /* _NF_CONNTRACK_TIMEOUT_H */

	  If unsure, say `N'.

config NF_CONNTRACK_TIMEOUT

	bool  'Connection tracking timeout'

	depends on NETFILTER_ADVANCED

	help

	  This option enables support for connection tracking timeout

	  extension. This allows you to attach timeout policies to flow

	  via the CT target.

	  If unsure, say `N'.

config NF_CONNTRACK_TIMESTAMP

	bool  'Connection tracking timestamping'

	depends on NETFILTER_ADVANCED

netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o

nf_conntrack-y	:= nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o nf_conntrack_proto.o nf_conntrack_l3proto_generic.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o nf_conntrack_extend.o nf_conntrack_acct.o

nf_conntrack-$(CONFIG_NF_CONNTRACK_TIMEOUT) += nf_conntrack_timeout.o

nf_conntrack-$(CONFIG_NF_CONNTRACK_TIMESTAMP) += nf_conntrack_timestamp.o

nf_conntrack-$(CONFIG_NF_CONNTRACK_EVENTS) += nf_conntrack_ecache.o

#include <net/netfilter/nf_conntrack_ecache.h>

#include <net/netfilter/nf_conntrack_zones.h>

#include <net/netfilter/nf_conntrack_timestamp.h>

#include <net/netfilter/nf_conntrack_timeout.h>

#include <net/netfilter/nf_nat.h>

#include <net/netfilter/nf_nat_core.h>

	}

	nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size);

	nf_conntrack_timeout_fini(net);

	nf_conntrack_ecache_fini(net);

	nf_conntrack_tstamp_fini(net);

	nf_conntrack_acct_fini(net);

	ret = nf_conntrack_ecache_init(net);

	if (ret < 0)

		goto err_ecache;

	ret = nf_conntrack_timeout_init(net);

	if (ret < 0)

		goto err_timeout;

	return 0;

err_timeout:

	nf_conntrack_timeout_fini(net);

err_ecache:

	nf_conntrack_tstamp_fini(net);

err_tstamp: