Fix reorder possible reordering of destroy messages under message omission. This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.

3 files changed, 5 insertions, 2 deletions

diff --git a/include/cache.h b/include/cache.h
index f5afbe5..442a563 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -82,6 +82,7 @@ struct us_conntrack *cache_add(struct cache *c, struct nf_conntrack *ct);
 struct us_conntrack *cache_update(struct cache *c, struct nf_conntrack *ct);
 struct us_conntrack *cache_update_force(struct cache *c, struct nf_conntrack *ct);
 int cache_del(struct cache *c, struct nf_conntrack *ct);
+struct us_conntrack *cache_del_timeout(struct cache *c, struct nf_conntrack *ct, int timeout);
 int cache_test(struct cache *c, struct nf_conntrack *ct);
 void cache_stats(const struct cache *c, int fd);
 struct us_conntrack *cache_get_conntrack(struct cache *, void *);
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 57ac7e4..b266289 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -76,6 +76,7 @@ struct ct_conf {
 	int refresh;
 	int cache_timeout;		/* cache entries timeout */
 	int commit_timeout;		/* committed entries timeout */
+	int del_timeout;
 	unsigned int netlink_buffer_size;
 	unsigned int netlink_buffer_size_max_grown;
 	unsigned char ignore_protocol[IPPROTO_MAX];
diff --git a/include/us-conntrack.h b/include/us-conntrack.h
index 3d71e22..9eafa3b 100644
--- a/include/us-conntrack.h
+++ b/include/us-conntrack.h
@@ -1,12 +1,13 @@
 #ifndef _US_CONNTRACK_H_
 #define _US_CONNTRACK_H_
 
+#include "alarm.h"
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
 
-/* be careful, do not modify the layout */
 struct us_conntrack {
 	struct 	nf_conntrack *ct;
-	struct  cache *cache;          /* add new attributes here */
+	struct  cache *cache; 
+	struct	alarm_block alarm;
 	char 	data[0];
 };