netfilter: nft_ct: fix expiration getter We need to compute timeout.expires - jiffies, not the other way around. Add a helper, another patch can then later change more places in conntrack code where we currently open-code this. Will allow us to only change one place later when we remove per-ct timer. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit: c8607e020014cf11a61601a0005270bad81cabdf [log] [tgz]
author: Florian Westphal <fw@strlen.de> Wed Jul 06 14:53:06 2016 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> Fri Jul 08 14:55:14 2016 +0200
tree: 9e2c1565bebf826797ff8998124548f828f4b318
parent: 9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 [diff] [blame]
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index 137e308..81fbb45 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c

@@ -54,7 +54,6 @@
 	const struct nf_conn_help *help;
 	const struct nf_conntrack_tuple *tuple;
 	const struct nf_conntrack_helper *helper;
-	long diff;
 	unsigned int state;
 
 	ct = nf_ct_get(pkt->skb, &ctinfo);
@@ -94,10 +93,7 @@
 		return;
 #endif
 	case NFT_CT_EXPIRATION:
-		diff = (long)jiffies - (long)ct->timeout.expires;
-		if (diff < 0)
-			diff = 0;
-		*dest = jiffies_to_msecs(diff);
+		*dest = jiffies_to_msecs(nf_ct_expires(ct));
 		return;
 	case NFT_CT_HELPER:
 		if (ct->master == NULL)
commit	c8607e020014cf11a61601a0005270bad81cabdf	[log] [tgz]
author	Florian Westphal <fw@strlen.de>	Wed Jul 06 14:53:06 2016 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Fri Jul 08 14:55:14 2016 +0200
tree	9e2c1565bebf826797ff8998124548f828f4b318
parent	9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 [diff] [blame]