author | Oz Shlomo <ozsh@nvidia.com> | 2021-06-03 15:12:35 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-07 12:23:38 +0200 |
commit | 1d91d2e1a7f767aa8c11d8507ecf268f787734ec | |
tree | f608edfa1896c9e43e155337ecab630baf1e4ef6 /include/net/netfilter | |
parent | 975c57504da1114551fdb3a91ed61dda7739613e | |

netfilter: flowtable: Set offload timeouts according to proto values

Currently the aging period for tcp/udp connections is hard coded to
30 seconds. Aged tcp/udp connections configure a hard coded 120/30
seconds pickup timeout for conntrack.
This configuration may be too aggressive or permissive for some users.
Dynamically configure the nf flow table GC timeout intervals according
to the user defined values.

Signed-off-by: Oz Shlomo <ozsh@nvidia.com>
Reviewed-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include/net/netfilter')
-rw-r--r-- | include/net/netfilter/nf_flow_table.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 48ef7460ff30..a3647fadf1cc 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -177,6 +177,8 @@ struct flow_offload { #define NF_FLOW_TIMEOUT (30 * HZ) #define nf_flowtable_time_stamp (u32)jiffies +unsigned long flow_offload_get_timeout(struct flow_offload *flow); + static inline __s32 nf_flow_timeout_delta(unsigned int timeout) { return (__s32)(timeout - nf_flowtable_time_stamp); |
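
Review bot: the new prototype flow_offload_get_timeout() returns unsigned long, while nf_flow_timeout_delta() directly below it takes unsigned int and subtracts nf_flowtable_time_stamp, which is (u32)jiffies, so on 64-bit a returned value wider than 32 bits would be silently truncated if it reaches that helper. Since the commit message says the value now comes from user-defined timeouts, either return u32 or add a comment above the prototype stating the unit (jiffies or seconds) and the range callers may rely on. The prototype could also take const struct flow_offload *flow if the lookup does not modify the flow. NF_FLOW_TIMEOUT (30 * HZ) stays defined just above; a one-line comment on whether it is now only a default or fallback would keep readers from assuming it is still the effective aging period.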