netfilter: nft_ct: fix expiration getter
We need to compute timeout.expires - jiffies, not the other way around. Add a helper, another patch can then later change more places in conntrack code where we currently open-code this. Will allow us to only change one place later when we remove per-ct timer. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
9cc1c73ad6
commit
c8607e0200
@ -284,6 +284,14 @@ static inline bool nf_is_loopback_packet(const struct sk_buff *skb)
|
|||||||
return skb->dev && skb->skb_iif && skb->dev->flags & IFF_LOOPBACK;
|
return skb->dev && skb->skb_iif && skb->dev->flags & IFF_LOOPBACK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* jiffies until ct expires, 0 if already expired */
|
||||||
|
static inline unsigned long nf_ct_expires(const struct nf_conn *ct)
|
||||||
|
{
|
||||||
|
long timeout = (long)ct->timeout.expires - (long)jiffies;
|
||||||
|
|
||||||
|
return timeout > 0 ? timeout : 0;
|
||||||
|
}
|
||||||
|
|
||||||
struct kernel_param;
|
struct kernel_param;
|
||||||
|
|
||||||
int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);
|
int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);
|
||||||
|
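Review bot: In nf_ct_expires() both operands are cast to long before the subtraction, so the result relies on signed wraparound when jiffies and timeout.expires straddle the counter wrap. The time_after()-style form subtracts in unsigned long and casts the difference: `long timeout = (long)(ct->timeout.expires - jiffies);`. The clamp to 0 then works unchanged. The comment above the helper could also say when the value is meaningful, e.g. `/* jiffies until ct expires, 0 if already expired; only valid while ct->timeout is armed */`. Whether timeout.expires already holds an absolute deadline before the timer is added is not visible in this hunk and should be confirmed.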
@ -54,7 +54,6 @@ static void nft_ct_get_eval(const struct nft_expr *expr,
|
|||||||
const struct nf_conn_help *help;
|
const struct nf_conn_help *help;
|
||||||
const struct nf_conntrack_tuple *tuple;
|
const struct nf_conntrack_tuple *tuple;
|
||||||
const struct nf_conntrack_helper *helper;
|
const struct nf_conntrack_helper *helper;
|
||||||
long diff;
|
|
||||||
unsigned int state;
|
unsigned int state;
|
||||||
|
|
||||||
ct = nf_ct_get(pkt->skb, &ctinfo);
|
ct = nf_ct_get(pkt->skb, &ctinfo);
|
||||||
@ -94,10 +93,7 @@ static void nft_ct_get_eval(const struct nft_expr *expr,
|
|||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
case NFT_CT_EXPIRATION:
|
case NFT_CT_EXPIRATION:
|
||||||
diff = (long)jiffies - (long)ct->timeout.expires;
|
*dest = jiffies_to_msecs(nf_ct_expires(ct));
|
||||||
if (diff < 0)
|
|
||||||
diff = 0;
|
|
||||||
*dest = jiffies_to_msecs(diff);
|
|
||||||
return;
|
return;
|
||||||
case NFT_CT_HELPER:
|
case NFT_CT_HELPER:
|
||||||
if (ct->master == NULL)
|
if (ct->master == NULL)
|
||||||
|
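Review bot: The NFT_CT_EXPIRATION case now writes `jiffies_to_msecs(nf_ct_expires(ct))` to `*dest` with no comment on the unit or the clamping, although ruleset authors compare against this value. A one-line comment above the assignment would pin that contract, e.g. `/* remaining lifetime in milliseconds, 0 once expired */`. Rulesets written against the old getter may match differently after this fix, which looks worth a sentence in the changelog. nft_ct_get_eval() starts and ends outside these hunks, so how `ct` is validated before this case is reached cannot be checked from here.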