netfilter: let reset rules clean out conntrack entries

[platform/kernel/linux-starfive.git] / net / netfilter / nf_conntrack_proto_tcp.c

diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 16ee5eb..4018acb 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -911,6 +911,41 @@ static bool tcp_can_early_drop(const struct nf_conn *ct)
        return false;
 }
 
+void nf_conntrack_tcp_set_closing(struct nf_conn *ct)
+{
+       enum tcp_conntrack old_state;
+       const unsigned int *timeouts;
+       u32 timeout;
+
+       if (!nf_ct_is_confirmed(ct))
+               return;
+
+       spin_lock_bh(&ct->lock);
+       old_state = ct->proto.tcp.state;
+       ct->proto.tcp.state = TCP_CONNTRACK_CLOSE;
+
+       if (old_state == TCP_CONNTRACK_CLOSE ||
+           test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
+               spin_unlock_bh(&ct->lock);
+               return;
+       }
+
+       timeouts = nf_ct_timeout_lookup(ct);
+       if (!timeouts) {
+               const struct nf_tcp_net *tn;
+
+               tn = nf_tcp_pernet(nf_ct_net(ct));
+               timeouts = tn->timeouts;
+       }
+
+       timeout = timeouts[TCP_CONNTRACK_CLOSE];
+       WRITE_ONCE(ct->timeout, timeout + nfct_time_stamp);
+
+       spin_unlock_bh(&ct->lock);
+
+       nf_conntrack_event_cache(IPCT_PROTOINFO, ct);
+}
+
 static void nf_ct_tcp_state_reset(struct ip_ct_tcp_state *state)
 {
        state->td_end           = 0;