type FirewallConntrack struct {
    sync.Mutex

    Conns      map[firewall.Packet]*conn
    TimerWheel *TimerWheel[firewall.Packet]
}

func (f *Firewall) inConns(
    fp firewall.Packet, h *HostInfo,
    caPool *cert.CAPool,
    localCache firewall.ConntrackCache,
) bool {
    if localCache != nil {
        if _, ok := localCache[fp]; ok {
            return true
        }
    }
    conntrack := f.Conntrack
    conntrack.Lock()

    // Purge every time we test
    ep, has := conntrack.TimerWheel.Purge()
    if has {
        f.evict(ep)
    }

    c, ok := conntrack.Conns[fp]
    if !ok {
        conntrack.Unlock()
        return false
    }
    // ... update expiry ...
    conntrack.Unlock()

    if localCache != nil {
        localCache[fp] = struct{}{}
    }
    return true
}