linux/net
Pablo Neira Ayuso 24de58f465 netfilter: xt_CT: allow to attach timeout policy + glue code
This patch allows you to attach the timeout policy via the
CT target, it adds a new revision of the target to ensure
backward compatibility. Moreover, it also contains the glue
code to stick the timeout object defined via nfnetlink_cttimeout
to the given flow.

Example usage (it requires installing the nfct tool and
libnetfilter_cttimeout):

1) create the timeout policy:

 nfct timeout add tcp-policy0 inet tcp \
	established 1000 close 10 time_wait 10 last_ack 10

2) attach the timeout policy to the packet:

 iptables -I PREROUTING -t raw -p tcp -j CT --timeout tcp-policy0

You have to install the following user-space software:

a) libnetfilter_cttimeout:
   git://git.netfilter.org/libnetfilter_cttimeout

b) nfct:
   git://git.netfilter.org/nfct

You also have to get iptables with -j CT --timeout support.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-03-07 17:41:28 +01:00
..
9p virtio: rename virtqueue_add_buf_gfp to virtqueue_add_buf 2012-01-12 15:44:42 +10:30
802 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
8021q vlan: static functions 2011-12-14 02:39:30 -05:00
appletalk net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
atm ppp: Replace uses of <linux/if_ppp.h> with <linux/ppp-ioctl.h> 2012-03-04 20:41:38 -05:00
ax25 ax25: avoid overflows in ax25_setsockopt() 2011-12-28 14:08:08 -05:00
batman-adv Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge 2012-02-28 15:07:52 -05:00
bluetooth Bluetooth: Fix possible use after free in delete path 2012-02-15 13:09:26 +02:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-03-05 21:16:26 -05:00
caif caif: remove duplicate initialization 2012-02-07 13:39:37 -05:00
can can: remove references to berlios mailinglist 2011-10-17 19:22:46 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-02-02 15:47:33 -08:00
core net: Use bool for return value of dev_valid_name(). 2012-03-06 16:12:15 -05:00
dcb net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
dccp dccp: fix bug in sequence number validation during connection setup 2012-03-03 09:02:52 -07:00
decnet decnet: remove unused variable from dn_output() 2012-02-05 17:44:55 -05:00
dns_resolver
dsa dsa: Move switch drivers to new directory drivers/net/dsa 2011-11-29 00:21:36 -05:00
econet net: Remove all uses of LL_ALLOCATED_SPACE 2011-11-18 14:37:09 -05:00
ethernet eth: reset addr_assign_type if eth_mac_addr() called 2012-02-13 00:46:41 -05:00
ieee802154 net/ieee802154/6lowpan.c: reuse eth_mac_addr() 2012-02-22 14:46:37 -05:00
ipv4 netfilter: add cttimeout infrastructure for fine timeout tuning 2012-03-07 17:41:22 +01:00
ipv6 netfilter: add cttimeout infrastructure for fine timeout tuning 2012-03-07 17:41:22 +01:00
ipx net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
irda ppp: Replace uses of <linux/if_ppp.h> with <linux/ppp-ioctl.h> 2012-03-04 20:41:38 -05:00
iucv af_iucv: allow retrieval of maximum message size 2012-02-08 18:50:19 -05:00
key net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
l2tp ppp: Replace uses of <linux/if_ppp.h> with <linux/ppp-ioctl.h> 2012-03-04 20:41:38 -05:00
lapb wan: make LAPB callbacks const 2011-09-16 19:20:20 -04:00
llc llc: Fix race condition in llc_ui_recvmsg 2012-01-24 15:33:19 -05:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-03-01 17:57:40 -05:00
netfilter netfilter: xt_CT: allow to attach timeout policy + glue code 2012-03-07 17:41:28 +01:00
netlabel net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
netlink netlink: allow to pass data pointer to netlink_dump_start() callback 2012-02-26 14:10:44 -05:00
netrom netrom: avoid overflows in nr_setsockopt() 2011-12-28 14:08:08 -05:00
nfc nfc: NULL vs zero in nci_activate_target() 2012-01-27 14:57:04 -05:00
openvswitch net: use eth_hw_addr_random() and reset addr_assign_type 2012-02-15 15:34:17 -05:00
packet net: Add framework to allow sending packets with customized CRC. 2012-02-24 01:37:35 -08:00
phonet net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
rds rds: Make rds_sock_lock BH rather than IRQ safe. 2012-01-24 17:03:44 -05:00
rfkill Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-01-05 10:13:24 -05:00
rose net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rxrpc RxRPC: Fix kcalloc parameters swapped 2012-02-14 14:41:55 -05:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-02-26 21:55:51 -05:00
sctp Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-01-08 13:21:22 -08:00
sunrpc SUNRPC: Fix machine creds in generic_create_cred and generic_match 2012-01-23 14:03:46 -08:00
tipc tipc: Optimize setting of immutable payload message header fields 2012-02-29 11:45:35 -05:00
unix netlink: add netlink_dump_control structure for netlink_dump_start() 2012-02-26 14:10:06 -05:00
wanrouter wanrouter: Remove kernel_lock annotations 2011-11-07 13:27:30 -05:00
wimax net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
wireless cfg80211: remove cookies from callbacks 2012-02-29 14:11:33 -05:00
x25 net:x25: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xfrm netlink: add netlink_dump_control structure for netlink_dump_start() 2012-02-26 14:10:06 -05:00
compat.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
Kconfig net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
Makefile net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
nonet.c
socket.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
sysctl_net.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00