diff options
author | Patrick McHardy <kaber@trash.net> | 2010-02-03 13:48:53 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-02-03 13:48:53 +0100 |
commit | 858b31330054a9ad259feceea0ad1ce5385c47f0 (patch) | |
tree | 642349680ff9c29d506dd7661bbc8b724209fbf5 /net/netfilter/nf_conntrack_proto_udplite.c | |
parent | add67461240c1dadc7c8d97e66f8f92b556ca523 (diff) |
netfilter: nf_conntrack: split up IPCT_STATUS event
Split up the IPCT_STATUS event into an IPCT_REPLY event, which is generated
when the IPS_SEEN_REPLY bit is set, and an IPCT_ASSURED event, which is
generated when the IPS_ASSURED bit is set.
In combination with a following patch to support selective event delivery,
this can be used for "sparse" conntrack replication: start replicating the
conntrack entry after it reached the ASSURED state and that way it's SYN-flood
resistant.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_proto_udplite.c')
-rw-r--r-- | net/netfilter/nf_conntrack_proto_udplite.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c index 458655bb210..0b1bc9ba667 100644 --- a/net/netfilter/nf_conntrack_proto_udplite.c +++ b/net/netfilter/nf_conntrack_proto_udplite.c @@ -75,7 +75,7 @@ static int udplite_packet(struct nf_conn *ct, nf_ct_udplite_timeout_stream); /* Also, more likely to be important, and not a probe */ if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status)) - nf_conntrack_event_cache(IPCT_STATUS, ct); + nf_conntrack_event_cache(IPCT_ASSURED, ct); } else nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udplite_timeout); |