On Wed, Apr 19, 2023 at 01:15:26PM +0800, Tzung-Bi Shih wrote: > (struct nf_conn)->timeout is an interval before the conntrack > confirmed. After confirmed, it becomes a timestamp[1]. > > It is observed that timeout of an unconfirmed conntrack: > - Set by calling ctnetlink_change_timeout(). As a result, > `nfct_time_stamp` was wrongly added to `ct->timeout` twice[2]. > - Get by calling ctnetlink_dump_timeout(). As a result, > `nfct_time_stamp` was wrongly subtracted[3]. > > Separate the 2 cases in: > - Setting `ct->timeout` in __nf_ct_set_timeout(). > - Getting `ct->timeout` in ctnetlink_dump_timeout(). Applied, thanks
