authorJan Engelhardt <jengelh@medozas.de>2011-01-18 17:32:40 +0100
committerJan Engelhardt <jengelh@medozas.de>2011-01-19 18:27:46 +0100
commitcc4fc022571376412986e27e08b0765e9cb2aafb (patch)
tree5ac8445f9f00461614e18cd39cfcfe4f962b5412 /include/linux
parentnetfilter: nf_conntrack: nf_conntrack snmp helper (diff)
netfilter: xtables: connlimit revision 1
This adds destination address-based selection. The old "inverse" member is overloaded (memory-wise) with a new "flags" variable, similar to how J.Park did it with xt_string rev 1. Since revision 0 userspace only sets flag 0x1, no great changes are made to explicitly test for different revisions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter/xt_connlimit.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 7e3284bcbd2b..8884efc605c7 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -3,6 +3,11 @@
struct xt_connlimit_data;
+enum {
+ XT_CONNLIMIT_INVERT = 1 << 0,
+ XT_CONNLIMIT_DADDR = 1 << 1,
+};
+
struct xt_connlimit_info {
union {
union nf_inet_addr mask;
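Review bot: The two flag bits in the added enum carry no comment tying them to the `flags` member or to the revision 0 ABI. Per the commit description, revision 0 userspace stores 0x1 in the overlaid `inverse` field, so `XT_CONNLIMIT_INVERT` has to stay at `1 << 0`, and nothing in the header records that constraint. I would add `/* Bits for xt_connlimit_info.flags; INVERT must remain 0x1 to match revision 0 "inverse" */` above the enum. Whether the match's check routine rejects undefined bits in `flags` is not visible in this header and is worth confirming.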
@@ -14,6 +19,13 @@ struct xt_connlimit_info {
#endif
};
unsigned int limit, inverse;
+ union {
+ /* revision 0 */
+ unsigned int inverse;
+
+ /* revision 1 */
+ __u32 flags;
+ };
/* Used internally by the kernel */
struct xt_connlimit_data *data __attribute__((aligned(8)));
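Review bot: The context line `unsigned int limit, inverse;` stays in place above the added union, so the struct as shown has two members named `inverse`, and `flags` does not overlay the revision 0 field as the description intends. The extra word sits in front of the 8-byte-aligned `data` pointer, which on the usual layouts moves `data` and grows `struct xt_connlimit_info`. The size that existing revision 0 userspace passes would then no longer match the kernel's. The line should become `unsigned int limit;` so that `inverse` exists only inside the union. The struct definition starts and ends outside this hunk.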