lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netfilter: xt_recent: add address masking option

Browse Source 
The mask option allows you put all address belonging that mask into
the same recent slot. This can be useful in case that recent is used
to detect attacks from the same network segment.

Tested for backward compatibility.

Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Denys Fedoryshchenko
2012-05-17 23:08:57 +03:00
committed by Pablo Neira Ayuso
parent 1da6dd0798
commit efdedd5426
4 changed files with 80 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
include/linux/netfilter.h
View File

@ -94,6 +94,16 @@ static inline int nf_inet_addr_cmp(const union nf_inet_addr *a1,
a1->all[3] == a2->all[3];
}
static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
union nf_inet_addr *result,
const union nf_inet_addr *mask)
{
result->all[0] = a1->all[0] & mask->all[0];
result->all[1] = a1->all[1] & mask->all[1];
result->all[2] = a1->all[2] & mask->all[2];
result->all[3] = a1->all[3] & mask->all[3];
}
extern void netfilter_init(void);
/* Largest hook number + 1 */