summaryrefslogtreecommitdiff
path: root/src/cache_iterators.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2008-12-11 18:35:04 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2008-12-11 18:35:04 +0100
commit9369fe5370341f72c15de8d72917d014a6c7e460 (patch)
treebec13c2d876d8fd89d7661149bc880e3bf5cd79c /src/cache_iterators.c
parent98154b7d83d1493ba9c2d1b0a8e4b39b635e3082 (diff)
downloadconntrack-tools-9369fe5370341f72c15de8d72917d014a6c7e460.tar.gz
conntrack-tools-9369fe5370341f72c15de8d72917d014a6c7e460.zip
cache_iterators: use a cloned object while resetting timers
This patch uses a clone object that includes the original tuple and the new timer to be set. This fixes EINVAL and EBUSY errors reporting while trying to update the timer of some conntrack entries. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/cache_iterators.c')
-rw-r--r--src/cache_iterators.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index 661528f..12ffcff 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -231,8 +231,15 @@ static int do_reset_timers(void *data1, void *data2)
struct nfct_handle *h = data1;
struct us_conntrack *u = data2;
struct nf_conntrack *ct = u->ct;
+ char __tmp[nfct_maxsize()];
+ struct nf_conntrack *tmp = (struct nf_conntrack *) (void *)__tmp;
- ret = nl_get_conntrack(h, ct);
+ memset(__tmp, 0, sizeof(__tmp));
+
+ /* use the original tuple to check if it is there */
+ nfct_copy(tmp, ct, NFCT_CP_ORIG);
+
+ ret = nl_get_conntrack(h, tmp);
switch (ret) {
case -1:
/* the kernel table is not in sync with internal cache */
@@ -240,14 +247,15 @@ static int do_reset_timers(void *data1, void *data2)
dlog_ct(STATE(log), ct, NFCT_O_PLAIN);
break;
case 1:
+ /* use the object that contain the current timer */
current_timeout = nfct_get_attr_u32(ct, ATTR_TIMEOUT);
/* already about to die, do not touch it */
if (current_timeout < CONFIG(purge_timeout))
break;
- nfct_set_attr_u32(ct, ATTR_TIMEOUT, CONFIG(purge_timeout));
+ nfct_set_attr_u32(tmp, ATTR_TIMEOUT, CONFIG(purge_timeout));
- if (nl_update_conntrack(h, ct) == -1) {
+ if (nl_update_conntrack(h, tmp) == -1) {
if (errno == ETIME || errno == ENOENT)
break;
dlog(LOG_ERR, "reset-timers-upd: %s", strerror(errno));