From patchwork Thu May  3 00:39:24 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kelvie Wong <kelvie@ieee.org>
X-Patchwork-Id: 156581
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 9CBFCB6FB7
	for <incoming@patchwork.ozlabs.org>;
	Thu,  3 May 2012 10:39:43 +1000 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754830Ab2ECAjm (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Wed, 2 May 2012 20:39:42 -0400
Received: from mail-qc0-f174.google.com ([209.85.216.174]:57556 "EHLO
	mail-qc0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754409Ab2ECAjm (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Wed, 2 May 2012 20:39:42 -0400
Received: by mail-qc0-f174.google.com with SMTP id o28so807896qcr.19
	for <netfilter-devel@vger.kernel.org>;
	Wed, 02 May 2012 17:39:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to
	:references; bh=G3y1DBS6nJusHm9aXjDt4yGb6yz6oZBxCfQJuD+s8Ls=;
	b=YGN709fRntlWpoqUv66MLrW5cJohaPp1PHNv5OSjYjXSO/Wb6SPMtIrclDS7affExa
	AMVo8D/CIhBH9gqs1ppxnfSUmWTeHPfib6xe1ziM06qYe8vCBXYghqG3h8CphABoJBVr
	INcK0seEXpLCk9KQ2sBo/dehvJZ+1qi8qxdUezzknEk6jpr6QSUMIukjlp9zeumIkMMy
	3AAzdvvQV3fBd9TCrAviIUN6henKfo4aHVclfSoIectwFWF7QTvwl6wzKSXdXg4dB+B5
	FmumjdB/HvSV25rPnd9zGM0PNSnSTTJGatHp9/5T/DtE+6KP163699fwpRPQwy9ULtPH
	Af1A==
Received: by 10.229.136.202 with SMTP id s10mr77182qct.71.1336005581825;
	Wed, 02 May 2012 17:39:41 -0700 (PDT)
Received: from kwong-desktop.wurldtech.local (served.by.wurldtech.com.
	[209.121.191.146]) by mx.google.com with ESMTPS id
	dv1sm6061157qab.22.2012.05.02.17.39.40
	(version=TLSv1/SSLv3 cipher=OTHER);
	Wed, 02 May 2012 17:39:41 -0700 (PDT)
From: Kelvie Wong <kelvie@ieee.org>
To: netfilter-devel@vger.kernel.org
Cc: Kelvie Wong <kelvie@ieee.org>
Subject: [PATCH] netfilter: nf_ct_expect: partially implement
	ctnetlink_change_expect
Date: Wed,  2 May 2012 17:39:24 -0700
Message-Id: <1336005564-23171-3-git-send-email-kelvie@ieee.org>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1336005564-23171-1-git-send-email-kelvie@ieee.org>
References: <1336005564-23171-1-git-send-email-kelvie@ieee.org>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

This refreshes the "timeout" attribute in existing expectations if one is
given.

The use case for this would be for userspace helpers to extend the lifetime
of the expectation when requested, as this is not possible right now
without deleting/recreating the expectation.

I use this specifically for forwarding DCERPC traffic through:

DCERPC has a port mapper daemon that chooses a (seemingly) random port for
future traffic to go to. We expect this traffic (with a reasonable
timeout), but sometimes the port mapper will tell the client to continue
using the same port. This allows us to extend the expectation accordingly.

Signed-off-by: Kelvie Wong <kelvie@ieee.org>
---
 net/netfilter/nf_conntrack_netlink.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index ca7e835..87a9682 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2065,6 +2065,16 @@ static int
 ctnetlink_change_expect(struct nf_conntrack_expect *x,
 			const struct nlattr * const cda[])
 {
+	/* Refresh the timeout */
+	if (cda[CTA_EXPECT_TIMEOUT]) {
+		if (!del_timer(&x->timeout))
+			return -ETIME;
+
+		x->timeout.expires = jiffies +
+			ntohl(nla_get_be32(cda[CTA_EXPECT_TIMEOUT])) * HZ;
+		add_timer(&x->timeout);
+		return 0;
+	}
 	return -EOPNOTSUPP;
 }