[NETFILTER]: Make expectations timeouts compulsory

This patch simplifies the code by always having expectation timeouts.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/netfilter/ip_conntrack_core.c

@@ -176,7 +176,7 @@ find_expectation(const struct ip_conntrack_tuple *tuple)
 		   and weird things would happen to future packets). */
 		if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
 		    && is_confirmed(i->master)
-		    && (!i->timeout.function || del_timer(&i->timeout))) {
+		    && del_timer(&i->timeout)) {
 			unlink_expect(i);
 			return i;
 		}
@@ -194,8 +194,7 @@ static void remove_expectations(struct ip_conntrack *ct)
 		return;
 
 	list_for_each_entry_safe(i, tmp, &ip_conntrack_expect_list, list) {
-		if (i->master == ct
-		    && (!i->timeout.function || del_timer(&i->timeout))) {
+		if (i->master == ct && del_timer(&i->timeout)) {
 			unlink_expect(i);
 			destroy_expect(i);
 		}
@@ -722,8 +721,7 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp)
 	WRITE_LOCK(&ip_conntrack_lock);
 	/* choose the the oldest expectation to evict */
 	list_for_each_entry_reverse(i, &ip_conntrack_expect_list, list) {
-		if (expect_matches(i, exp)
-		    && (!i->timeout.function || del_timer(&i->timeout))) {
+		if (expect_matches(i, exp) && del_timer(&i->timeout)) {
 			unlink_expect(i);
 			WRITE_UNLOCK(&ip_conntrack_lock);
 			destroy_expect(i);
@@ -777,7 +775,7 @@ static void evict_oldest_expect(struct ip_conntrack *master)
 
 	list_for_each_entry_reverse(i, &ip_conntrack_expect_list, list) {
 		if (i->master == master) {
-			if (!i->timeout.function || del_timer(&i->timeout)) {
+			if (del_timer(&i->timeout)) {
 				unlink_expect(i);
 				destroy_expect(i);
 			}
@@ -788,9 +786,6 @@ static void evict_oldest_expect(struct ip_conntrack *master)
 
 static inline int refresh_timer(struct ip_conntrack_expect *i)
 {
-	if (!i->timeout.function)
-		return 1;
-
 	if (!del_timer(&i->timeout))
 		return 0;
 
@@ -856,6 +851,7 @@ void ip_conntrack_alter_reply(struct ip_conntrack *conntrack,
 
 int ip_conntrack_helper_register(struct ip_conntrack_helper *me)
 {
+	BUG_ON(me->timeout == 0);
 	WRITE_LOCK(&ip_conntrack_lock);
 	list_prepend(&helpers, me);
 	WRITE_UNLOCK(&ip_conntrack_lock);
@@ -882,14 +878,11 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me)
 
 	/* Get rid of expectations */
 	list_for_each_entry_safe(exp, tmp, &ip_conntrack_expect_list, list) {
-		if (exp->master->helper == me) {
-			if (!exp->timeout.function
-			    || del_timer(&exp->timeout)) {
+		if (exp->master->helper == me && del_timer(&exp->timeout)) {
 			unlink_expect(exp);
 			destroy_expect(exp);
 		}
 	}
-	}
 	/* Get rid of expecteds, set helpers to NULL. */
 	LIST_FIND_W(&unconfirmed, unhelp, struct ip_conntrack_tuple_hash*, me);
 	for (i = 0; i < ip_conntrack_htable_size; i++)

net/ipv4/netfilter/ip_conntrack_ftp.c

@@ -476,7 +476,7 @@ static int __init init(void)
 		ftp[i].mask.src.u.tcp.port = 0xFFFF;
 		ftp[i].mask.dst.protonum = 0xFFFF;
 		ftp[i].max_expected = 1;
-		ftp[i].timeout = 0;
+		ftp[i].timeout = 5 * 60; /* 5 minutes */
 		ftp[i].me = ip_conntrack_ftp;
 		ftp[i].help = help;
 

net/ipv4/netfilter/ip_conntrack_tftp.c

@@ -131,7 +131,7 @@ static int __init init(void)
 		tftp[i].mask.dst.protonum = 0xFFFF;
 		tftp[i].mask.src.u.udp.port = 0xFFFF;
 		tftp[i].max_expected = 1;
-		tftp[i].timeout = 0;
+		tftp[i].timeout = 5 * 60; /* 5 minutes */
 		tftp[i].me = THIS_MODULE;
 		tftp[i].help = tftp_help;
 

net/ipv4/netfilter/ip_nat_irc.c

@@ -34,8 +34,6 @@ MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
 MODULE_DESCRIPTION("IRC (DCC) NAT helper");
 MODULE_LICENSE("GPL");
 
-/* FIXME: Time out? --RR */
-
 static unsigned int help(struct sk_buff **pskb,
 			 enum ip_conntrack_info ctinfo,
 			 unsigned int matchoff,