search for: rfc6887

...fault UDP timeout is three minutes (after SEEN_REPLY). The timeout for one specific entry is extended to five hours using the conntrack command or API. Three seconds later new traffic is seen for that entry and the kernel resets the timeout from 04:59:57 to 00:03:00. (Actual use case: Implementing RFC6887 PEER command so that e.g. UDP VPN can reduce keepalives by explicitly requesting a long-lived entry.) Might only need to check (and then keep the existing value) if existing timeout is longer than new value in "int [proto]_packet()" in net/netfilter/nf_conntrack_proto_[proto].c for each...