From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: [NETFILTER 60/64]: xt_connlimit: use the new union nf_inet_addr
Date: Tue, 18 Dec 2007 00:47:34 +0100 (MET) [thread overview]
Message-ID: <20071217234734.23601.52593.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20071217234612.23601.6979.sendpatchset@localhost.localdomain>
[NETFILTER]: xt_connlimit: use the new union nf_inet_addr
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 561162888ca9bb1ca4a95c41e7d4e03aae0d79c7
tree 251a0a045ca50713e3000a59c958e882f153a981
parent d1c627416f8e9632c67483522e7e2dbbebc89fe1
author Jan Engelhardt <jengelh@computergmbh.de> Mon, 17 Dec 2007 14:58:55 +0100
committer Patrick McHardy <kaber@trash.net> Tue, 18 Dec 2007 00:25:00 +0100
include/linux/netfilter/xt_connlimit.h | 9 +++++++--
net/netfilter/xt_connlimit.c | 7 +++----
2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 37e933c..315d2dc 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -5,8 +5,13 @@ struct xt_connlimit_data;
struct xt_connlimit_info {
union {
- __be32 v4_mask;
- __be32 v6_mask[4];
+ union nf_inet_addr mask;
+#ifndef __KERNEL__
+ union {
+ __be32 v4_mask;
+ __be32 v6_mask[4];
+ };
+#endif
};
unsigned int limit, inverse;
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index b7a6846..6a9e2a3 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -185,7 +185,7 @@ connlimit_mt(const struct sk_buff *skb, const struct net_device *in,
bool *hotdrop)
{
const struct xt_connlimit_info *info = matchinfo;
- union nf_inet_addr addr, mask;
+ union nf_inet_addr addr;
struct nf_conntrack_tuple tuple;
const struct nf_conntrack_tuple *tuple_ptr = &tuple;
enum ip_conntrack_info ctinfo;
@@ -202,15 +202,14 @@ connlimit_mt(const struct sk_buff *skb, const struct net_device *in,
if (match->family == AF_INET6) {
const struct ipv6hdr *iph = ipv6_hdr(skb);
memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr));
- memcpy(&mask.ip6, info->v6_mask, sizeof(info->v6_mask));
} else {
const struct iphdr *iph = ip_hdr(skb);
addr.ip = iph->saddr;
- mask.ip = info->v4_mask;
}
spin_lock_bh(&info->data->lock);
- connections = count_them(info->data, tuple_ptr, &addr, &mask, match);
+ connections = count_them(info->data, tuple_ptr, &addr,
+ &info->mask, match);
spin_unlock_bh(&info->data->lock);
if (connections < 0) {
next prev parent reply other threads:[~2007-12-17 23:47 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-17 23:46 [NETFILTER 00/64]: Netfilter update Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 01/64]: ip_tables: kill useless wrapper Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 02/64]: ip_tables: reformat compat code Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 03/64]: x_tables: make xt_compat_match_from_user usable in iterator macros Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 04/64]: {ip,ip6,arp}_tables: consolidate " Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 05/64]: ip_tables: account for struct ipt_entry/struct compat_ipt_entry size diff Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 06/64]: ip_tables: fix compat types Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 07/64]: ip_tables: move compat offset calculation to x_tables Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 08/64]: ip6_tables: kill a few useless defines/forward declarations Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 09/64]: ip6_tables: move entry, match and target checks to seperate functions Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 10/64]: ip6_tables: use vmalloc_node() Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 11/64]: ip6_tables: move counter allocation to seperate function Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 12/64]: ip6_tables: move IP6T_SO_GET_INFO handling " Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 13/64]: ip6_tables: resync get_entries() with ip_tables Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 14/64]: ip6_tables: add compat support Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 15/64]: x_tables: enable compat translation for IPv6 matches/targets Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 16/64]: xt_MARK: support revision 1 for IPv6 Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 17/64]: xt_MARK: add compat support for revision 0 Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 18/64]: {ip,ip6}_tables: reformat to eliminate differences Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 19/64]: {ip,ip6}_tables: fix format strings Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 20/64]: ip6_tables: fix stack leagage Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 21/64]: ip6_tables: use raw_smp_processor_id() in do_add_counters() Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 22/64]: ip_tables: remove ipchains compatibility hack Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 23/64]: ip6_tables: use XT_ALIGN Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 24/64]: arp_tables: remove obsolete standard_check function Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 25/64]: arp_tables: use XT_ALIGN Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 26/64]: arp_tables: use vmalloc_node() Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 27/64]: arp_tables: remove ipchains compat hack Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 28/64]: arp_tables: move entry and target checks to seperate functions Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 29/64]: arp_tables: move counter allocation to seperate function Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 30/64]: arp_tables: move ARPT_SO_GET_INFO handling " Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 31/64]: arp_tables: resync get_entries() with ip_tables Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 32/64]: arp_tables: add compat support Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 33/64]: xt_TCPMSS: don't allow netfilter --setmss to increase mss Patrick McHardy
2007-12-17 23:46 ` [NETFILTER 34/64]: ctnetlink: add support for NAT sequence adjustments Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 35/64]: ctnetlink: add support for master tuple event notification and dumping Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 36/64]: ctnetlink: add support for secmark Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 37/64]: nf_conntrack_sctp: add ctnetlink support Patrick McHardy
2007-12-17 23:47 ` [NETLINK 38/64]: Add NLA_PUT_BE16/nla_get_be16() Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 39/64]: ctnetlink: use netlink attribute helpers Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 40/64]: ctnetlink: fix expectation timeout dumping Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 41/64]: nf_nat_proto_gre: add missing module reference Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 42/64]: nf_nat: mark NAT protocols const Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 43/64]: nf_nat: sprinkle a few __read_mostlys Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 44/64]: nf_nat: pass manip type instead of hook to nf_nat_setup_info Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 45/64]: nf_log: move logging stuff to seperate header Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 46/64]: nf_log: constify struct nf_logger and nf_log_packet loginfo arg Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 47/64]: nf_log: remove incomprehensible comment Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 48/64]: nfnetlink_log: fix checks in nfulnl_recv_config Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 49/64]: nfnetlink_{queue,log}: return ENOTSUPP for unknown cfg commands Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 50/64]: nfnetlink_log: remove excessive debugging Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 51/64]: nfnetlink_{queue,log}: return proper error codes in instance_create Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 52/64]: nfnetlink_log: use endianness-aware attribute functions Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 53/64]: nfnetlink_log: include GID in netlink message Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 54/64]: Kill function prototype for non-existing function Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 55/64]: constify nf_afinfo Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 56/64]: nf_nat: properly use RCU for ip_nat_decode_session Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 57/64]: x_tables: use %u format specifiers Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 58/64]: Introduce nf_inet_address Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 59/64]: Parenthesize macro parameters Patrick McHardy
2007-12-17 23:47 ` Patrick McHardy [this message]
2007-12-17 23:47 ` [NETFILTER 61/64]: xt_hashlimit: speedup hash_dst() Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 62/64]: xt_hashlimit: reduce overhead without IPv6 Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 63/64]: non-power-of-two jhash optimizations Patrick McHardy
2007-12-17 23:47 ` [NETFILTER 64/64]: Add CONFIG_NETFILTER_ADVANCED option Patrick McHardy
2007-12-18 6:51 ` [NETFILTER 00/64]: Netfilter update David Miller
2007-12-18 10:31 ` Patrick McHardy
2007-12-18 11:32 ` Pablo Neira Ayuso
2007-12-18 11:33 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071217234734.23601.52593.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.