Merge tag 'for-linus' of git://github.com/openrisc/linux

[linux] / net / netfilter / nf_conntrack_proto_udp.c

diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index c879d8d..b4f5d5e 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -29,7 +29,7 @@
 
 static const unsigned int udp_timeouts[UDP_CT_MAX] = {
        [UDP_CT_UNREPLIED]      = 30*HZ,
-       [UDP_CT_REPLIED]        = 180*HZ,
+       [UDP_CT_REPLIED]        = 120*HZ,
 };
 
 static unsigned int *udp_get_timeouts(struct net *net)
@@ -100,11 +100,21 @@ static int udp_packet(struct nf_conn *ct,
        if (!timeouts)
                timeouts = udp_get_timeouts(nf_ct_net(ct));
 
+       if (!nf_ct_is_confirmed(ct))
+               ct->proto.udp.stream_ts = 2 * HZ + jiffies;
+
        /* If we've seen traffic both ways, this is some kind of UDP
-          stream.  Extend timeout. */
+        * stream. Set Assured.
+        */
        if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
-               nf_ct_refresh_acct(ct, ctinfo, skb,
-                                  timeouts[UDP_CT_REPLIED]);
+               unsigned long extra = timeouts[UDP_CT_UNREPLIED];
+
+               /* Still active after two seconds? Extend timeout. */
+               if (time_after(jiffies, ct->proto.udp.stream_ts))
+                       extra = timeouts[UDP_CT_REPLIED];
+
+               nf_ct_refresh_acct(ct, ctinfo, skb, extra);
+
                /* Also, more likely to be important, and not a probe */
                if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
                        nf_conntrack_event_cache(IPCT_ASSURED, ct);