diff options
| author | Patrick McHardy <kaber@trash.net> | 2010-02-03 13:48:53 +0100 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-03 13:48:53 +0100 |
| commit | 858b31330054a9ad259feceea0ad1ce5385c47f0 (patch) | |
| tree | 642349680ff9c29d506dd7661bbc8b724209fbf5 /net/netfilter/nf_conntrack_proto_sctp.c | |
| parent | add67461240c1dadc7c8d97e66f8f92b556ca523 (diff) | |
| download | kernel_samsung_smdk4412-858b31330054a9ad259feceea0ad1ce5385c47f0.zip kernel_samsung_smdk4412-858b31330054a9ad259feceea0ad1ce5385c47f0.tar.gz kernel_samsung_smdk4412-858b31330054a9ad259feceea0ad1ce5385c47f0.tar.bz2 | |
netfilter: nf_conntrack: split up IPCT_STATUS event
Split up the IPCT_STATUS event into an IPCT_REPLY event, which is generated
when the IPS_SEEN_REPLY bit is set, and an IPCT_ASSURED event, which is
generated when the IPS_ASSURED bit is set.
In combination with a following patch to support selective event delivery,
this can be used for "sparse" conntrack replication: start replicating the
conntrack entry after it reached the ASSURED state and that way it's SYN-flood
resistant.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_proto_sctp.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index f9d930f..b68ff15 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -377,7 +377,7 @@ static int sctp_packet(struct nf_conn *ct, new_state == SCTP_CONNTRACK_ESTABLISHED) { pr_debug("Setting assured bit\n"); set_bit(IPS_ASSURED_BIT, &ct->status); - nf_conntrack_event_cache(IPCT_STATUS, ct); + nf_conntrack_event_cache(IPCT_ASSURED, ct); } return NF_ACCEPT; |