libxt_CT: add --timeout option

This patch adds the --timeout option to allow to attach timeout policy objects to flows, eg. iptables -I PREROUTING -t raw -s 1.1.1.1 -p tcp \ -j CT --timeout custom-tcp-policy You need the nfct(8) tool which is available at: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nfct.git To define the cttimeout policies. Example of usage: nfct timeout add custom-tcp-policy inet tcp established 1000 The new nfct tool also requires libnetfilter_cttimeout: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2012-02-29 13:48:36 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-04-02 13:37:49 +0200
commit: e8f32983048d6aa4a908b6a92da55fa71c859623 (patch)
tree: 7e3240694e7a06115f68fb04e61efd6038c0e62b /include
parent: c4a6b0d437b02458fb3cb827b694fd94b3fbe044 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
index b56e7681..a064b8af 100644
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/linux/netfilter/xt_CT.h
@@ -16,4 +16,16 @@ struct xt_ct_target_info {
 	struct nf_conn	*ct __attribute__((aligned(8)));
 };
 
+struct xt_ct_target_info_v1 {
+	__u16 flags;
+	__u16 zone;
+	__u32 ct_events;
+	__u32 exp_events;
+	char helper[16];
+	char timeout[32];
+
+	/* Used internally by the kernel */
+	struct nf_conn	*ct __attribute__((aligned(8)));
+};
+
 #endif /* _XT_CT_H */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2012-02-29 13:48:36 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-04-02 13:37:49 +0200
commit	e8f32983048d6aa4a908b6a92da55fa71c859623 (patch)
tree	7e3240694e7a06115f68fb04e61efd6038c0e62b /include
parent	c4a6b0d437b02458fb3cb827b694fd94b3fbe044 (diff)