From patchwork Tue May 8 00:22:17 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pablo Neira Ayuso
X-Patchwork-Id: 157511
From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 23/25] netfilter: nf_ct_expect: partially implement ctnetlink_change_expect
Date: Tue, 8 May 2012 02:22:17 +0200
Message-Id: <1336436539-5880-24-git-send-email-pablo@netfilter.org>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1336436539-5880-1-git-send-email-pablo@netfilter.org>
References: <1336436539-5880-1-git-send-email-pablo@netfilter.org>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netfilter-devel@vger.kernel.org

From: Kelvie Wong

This refreshes the "timeout" attribute in existing expectations if one is given.

The use case for this would be for userspace helpers to extend the lifetime of the expectation when requested, as this is not possible right now without deleting/recreating the expectation.

I use this specifically for forwarding DCERPC traffic through:

DCERPC has a port mapper daemon that chooses a (seemingly) random port for future traffic to go to. We expect this traffic (with a reasonable timeout), but sometimes the port mapper will tell the client to continue using the same port. This allows us to extend the expectation accordingly.

Signed-off-by: Kelvie Wong
Signed-off-by: Pablo Neira Ayuso
--- net/netfilter/nf_conntrack_netlink.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 462ec2d..6f4b00a 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c 
@@ -2080,7 +2080,15 @@ static int ctnetlink_change_expect(struct nf_conntrack_expect *x, const struct nlattr * const cda[]) { - return -EOPNOTSUPP; + if (cda[CTA_EXPECT_TIMEOUT]) { + if (!del_timer(&x->timeout)) + return -ETIME; + + x->timeout.expires = jiffies + + ntohl(nla_get_be32(cda[CTA_EXPECT_TIMEOUT])) * HZ; + add_timer(&x->timeout); + } + return 0; } static const struct nla_policy exp_nat_nla_policy[CTA_EXPECT_NAT_MAX+1] = {
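Review bot: the trailing `return 0;` in ctnetlink_change_expect() now reports success for every request, including one that carries no CTA_EXPECT_TIMEOUT or that asks to change some other attribute, where the function previously returned -EOPNOTSUPP. Since only the timeout is implemented, consider returning -EOPNOTSUPP when CTA_EXPECT_TIMEOUT is absent, so userspace can tell an applied change from an ignored one. Second, in `ntohl(nla_get_be32(cda[CTA_EXPECT_TIMEOUT])) * HZ` the userspace-supplied seconds value is multiplied without any bound, and the 32-bit product can wrap for large inputs, giving an expiry much sooner than requested; a range check or clamp before the multiplication would avoid that. The -ETIME return when del_timer() finds the timer no longer pending is reasonable, but it is not mentioned in the commit message and deserves a short comment, as does the locking the caller is expected to hold around the del_timer()/add_timer() pair, which is not visible in this hunk.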