diff options
| author | Jan Engelhardt <jengelh@gmx.de> | 2007-07-14 23:47:26 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2007-07-14 23:47:26 -0400 |
| commit | 370786f9cfd430cb424f00ce4110e75bb1b95a19 (patch) | |
| tree | df0e51882850f8db8da8f6e4ab746179b1993b9c /include | |
| parent | a887c1c148ffb3eb1c193e9869ca5297c6e22078 (diff) | |
[NETFILTER]: x_tables: add connlimit match
ipt_connlimit has been sitting in POM-NG for a long time.
Here is a new shiny xt_connlimit with:
* xtables'ified
* will request the layer3 module
(previously it hotdropped every packet when it was not loaded)
* fixed: there was a deadlock in case of an OOM condition
* support for any layer4 protocol (e.g. UDP/SCTP)
* using jhash, as suggested by Eric Dumazet
* ipv6 support
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter/xt_connlimit.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h new file mode 100644 index 000000000000..90ae8b474cb8 --- /dev/null +++ b/include/linux/netfilter/xt_connlimit.h | |||
| @@ -0,0 +1,17 @@ | |||
| 1 | #ifndef _XT_CONNLIMIT_H | ||
| 2 | #define _XT_CONNLIMIT_H | ||
| 3 | |||
| 4 | struct xt_connlimit_data; | ||
| 5 | |||
| 6 | struct xt_connlimit_info { | ||
| 7 | union { | ||
| 8 | u_int32_t v4_mask; | ||
| 9 | u_int32_t v6_mask[4]; | ||
| 10 | }; | ||
| 11 | unsigned int limit, inverse; | ||
| 12 | |||
| 13 | /* this needs to be at the end */ | ||
| 14 | struct xt_connlimit_data *data __attribute__((aligned(8))); | ||
| 15 | }; | ||
| 16 | |||
| 17 | #endif /* _XT_CONNLIMIT_H */ | ||