aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@computergmbh.de>2007-12-18 01:44:47 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:59:09 -0500
commit22c2d8bca212a655c120fd6617328ffa3480afad (patch)
treec0c61cf5a2bbc8d6371255389231dfa702c786fe
parente79ec50b9587c175f65f98550d66ad5b96c05dd9 (diff)
[NETFILTER]: xt_connlimit: use the new union nf_inet_addr
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--include/linux/netfilter/xt_connlimit.h9
-rw-r--r--net/netfilter/xt_connlimit.c7
2 files changed, 10 insertions, 6 deletions
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 37e933c9987d..315d2dce9da6 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -5,8 +5,13 @@ struct xt_connlimit_data;
5 5
6struct xt_connlimit_info { 6struct xt_connlimit_info {
7 union { 7 union {
8 __be32 v4_mask; 8 union nf_inet_addr mask;
9 __be32 v6_mask[4]; 9#ifndef __KERNEL__
10 union {
11 __be32 v4_mask;
12 __be32 v6_mask[4];
13 };
14#endif
10 }; 15 };
11 unsigned int limit, inverse; 16 unsigned int limit, inverse;
12 17
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index b7a684607c73..6a9e2a357186 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -185,7 +185,7 @@ connlimit_mt(const struct sk_buff *skb, const struct net_device *in,
185 bool *hotdrop) 185 bool *hotdrop)
186{ 186{
187 const struct xt_connlimit_info *info = matchinfo; 187 const struct xt_connlimit_info *info = matchinfo;
188 union nf_inet_addr addr, mask; 188 union nf_inet_addr addr;
189 struct nf_conntrack_tuple tuple; 189 struct nf_conntrack_tuple tuple;
190 const struct nf_conntrack_tuple *tuple_ptr = &tuple; 190 const struct nf_conntrack_tuple *tuple_ptr = &tuple;
191 enum ip_conntrack_info ctinfo; 191 enum ip_conntrack_info ctinfo;
@@ -202,15 +202,14 @@ connlimit_mt(const struct sk_buff *skb, const struct net_device *in,
202 if (match->family == AF_INET6) { 202 if (match->family == AF_INET6) {
203 const struct ipv6hdr *iph = ipv6_hdr(skb); 203 const struct ipv6hdr *iph = ipv6_hdr(skb);
204 memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr)); 204 memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr));
205 memcpy(&mask.ip6, info->v6_mask, sizeof(info->v6_mask));
206 } else { 205 } else {
207 const struct iphdr *iph = ip_hdr(skb); 206 const struct iphdr *iph = ip_hdr(skb);
208 addr.ip = iph->saddr; 207 addr.ip = iph->saddr;
209 mask.ip = info->v4_mask;
210 } 208 }
211 209
212 spin_lock_bh(&info->data->lock); 210 spin_lock_bh(&info->data->lock);
213 connections = count_them(info->data, tuple_ptr, &addr, &mask, match); 211 connections = count_them(info->data, tuple_ptr, &addr,
212 &info->mask, match);
214 spin_unlock_bh(&info->data->lock); 213 spin_unlock_bh(&info->data->lock);
215 214
216 if (connections < 0) { 215 if (connections < 0) {
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-12 21:58:55 -0500