netfilter: xtables: connlimit revision 1
This adds destination address-based selection. The old "inverse" member is overloaded (memory-wise) with a new "flags" variable, similar to how J.Park did it with xt_string rev 1. Since revision 0 userspace only sets flag 0x1, no great changes are made to explicitly test for different revisions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
@ -3,6 +3,11 @@
|
||||
|
||||
struct xt_connlimit_data;
|
||||
|
||||
enum {
|
||||
XT_CONNLIMIT_INVERT = 1 << 0,
|
||||
XT_CONNLIMIT_DADDR = 1 << 1,
|
||||
};
|
||||
|
||||
struct xt_connlimit_info {
|
||||
union {
|
||||
union nf_inet_addr mask;
|
||||
@ -14,6 +19,13 @@ struct xt_connlimit_info {
|
||||
#endif
|
||||
};
|
||||
unsigned int limit, inverse;
|
||||
union {
|
||||
/* revision 0 */
|
||||
unsigned int inverse;
|
||||
|
||||
/* revision 1 */
|
||||
__u32 flags;
|
||||
};
|
||||
|
||||
/* Used internally by the kernel */
|
||||
struct xt_connlimit_data *data __attribute__((aligned(8)));
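Review bot: Overlaying `flags` on the revision 0 `inverse` word means any non-zero value an older userspace stored there is now read as a bit set, and nothing in this header limits which bits are accepted. The commit message relies on revision 0 callers only ever writing 0x1. The checkentry code is not part of this hunk, so confirm that for revision 1 it rejects unknown bits, e.g. `if (info->flags & ~(XT_CONNLIMIT_INVERT | XT_CONNLIMIT_DADDR)) return -EINVAL;`, and that for revision 0 it honours only `XT_CONNLIMIT_INVERT`. Without that validation, a stale or malformed rule blob could silently change which address the limit is keyed on, and later flag bits could not be added without ambiguity. struct xt_connlimit_info starts outside this hunk.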
|
||||
|