[NETFILTER]: xt_connlimit: use the new union nf_inet_addr
authorJan Engelhardt <jengelh@computergmbh.de>
Tue, 18 Dec 2007 06:44:47 +0000 (22:44 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:59:09 +0000 (14:59 -0800)
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter/xt_connlimit.h
net/netfilter/xt_connlimit.c

index 37e933c9987d0ddf680cc58c3ffb00719d644c67..315d2dce9da66b4d9fdacba6da001f1d4fc31c84 100644 (file)
@@ -5,8 +5,13 @@ struct xt_connlimit_data;
 
 struct xt_connlimit_info {
        union {
-               __be32 v4_mask;
-               __be32 v6_mask[4];
+               union nf_inet_addr mask;
+#ifndef __KERNEL__
+               union {
+                       __be32 v4_mask;
+                       __be32 v6_mask[4];
+               };
+#endif
        };
        unsigned int limit, inverse;
 
index b7a684607c736ca8a20facf0d91dc4739d14297b..6a9e2a35718656a6841dd8f96f769a7e2fb3b5e7 100644 (file)
@@ -185,7 +185,7 @@ connlimit_mt(const struct sk_buff *skb, const struct net_device *in,
              bool *hotdrop)
 {
        const struct xt_connlimit_info *info = matchinfo;
-       union nf_inet_addr addr, mask;
+       union nf_inet_addr addr;
        struct nf_conntrack_tuple tuple;
        const struct nf_conntrack_tuple *tuple_ptr = &tuple;
        enum ip_conntrack_info ctinfo;
@@ -202,15 +202,14 @@ connlimit_mt(const struct sk_buff *skb, const struct net_device *in,
        if (match->family == AF_INET6) {
                const struct ipv6hdr *iph = ipv6_hdr(skb);
                memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr));
-               memcpy(&mask.ip6, info->v6_mask, sizeof(info->v6_mask));
        } else {
                const struct iphdr *iph = ip_hdr(skb);
                addr.ip = iph->saddr;
-               mask.ip = info->v4_mask;
        }
 
        spin_lock_bh(&info->data->lock);
-       connections = count_them(info->data, tuple_ptr, &addr, &mask, match);
+       connections = count_them(info->data, tuple_ptr, &addr,
+                                &info->mask, match);
        spin_unlock_bh(&info->data->lock);
 
        if (connections < 0) {