diff options
author | Jan Engelhardt <jengelh@gmx.de> | 2007-07-14 20:47:26 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-07-14 20:47:26 -0700 |
commit | 370786f9cfd430cb424f00ce4110e75bb1b95a19 (patch) | |
tree | df0e51882850f8db8da8f6e4ab746179b1993b9c /include/linux | |
parent | a887c1c148ffb3eb1c193e9869ca5297c6e22078 (diff) |
[NETFILTER]: x_tables: add connlimit match
ipt_connlimit has been sitting in POM-NG for a long time.
Here is a new shiny xt_connlimit with:
* xtables'ified
* will request the layer3 module
(previously it hotdropped every packet when it was not loaded)
* fixed: there was a deadlock in case of an OOM condition
* support for any layer4 protocol (e.g. UDP/SCTP)
* using jhash, as suggested by Eric Dumazet
* ipv6 support
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/xt_connlimit.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h new file mode 100644 index 00000000000..90ae8b474cb --- /dev/null +++ b/include/linux/netfilter/xt_connlimit.h @@ -0,0 +1,17 @@ +#ifndef _XT_CONNLIMIT_H +#define _XT_CONNLIMIT_H + +struct xt_connlimit_data; + +struct xt_connlimit_info { + union { + u_int32_t v4_mask; + u_int32_t v6_mask[4]; + }; + unsigned int limit, inverse; + + /* this needs to be at the end */ + struct xt_connlimit_data *data __attribute__((aligned(8))); +}; + +#endif /* _XT_CONNLIMIT_H */ |