-rw-r--r--net/netfilter/xt_connlimit.c20
1 files changed, 9 insertions, 11 deletions
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index e029c4807404..1f4b9f9da496 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -33,8 +33,9 @@
/* we will save the tuples of all connections we care about */
struct xt_connlimit_conn {
- struct list_head list;
- struct nf_conntrack_tuple tuple;
+ struct list_head list;
+ struct nf_conntrack_tuple tuple;
+ union nf_inet_addr addr;
};
struct xt_connlimit_data {
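Review bot: The new `addr` member is undocumented, and the comment above the struct still says only tuples are saved. Judging by the other hunks, it holds the address passed to count_them() when the entry is inserted, so it is no longer derived from `tuple`. A field comment such as `/* address this entry is counted under, copied from the caller at insert time */` would record that. Each list entry also grows by `sizeof(union nf_inet_addr)`, which matters if the list holds one entry per tracked connection, as the header comment suggests.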
@@ -151,7 +152,7 @@ static int count_them(struct net *net,
continue;
}
- if (same_source_net(addr, mask, &conn->tuple.src.u3, family))
+ if (same_source_net(addr, mask, &conn->addr, family))
/* same source network -> be counted! */
++matches;
nf_ct_put(found_ct);
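Review bot: The comment `/* same source network -> be counted! */` no longer matches the test, which now compares the stored `conn->addr` instead of the tuple's source address. If `addr` can be a destination address when XT_CONNLIMIT_DADDR is set (the flag handling is outside this hunk), the comment should read something like `/* same network as the address being limited -> be counted! */`. The helper name same_source_net() has the same problem, but renaming it belongs in a separate change. count_them() starts and ends outside this hunk.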
@@ -165,6 +166,7 @@ static int count_them(struct net *net,
if (conn == NULL)
return -ENOMEM;
conn->tuple = *tuple;
+ conn->addr = *addr;
list_add(&conn->list, hash);
++matches;
}
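Review bot: `conn->addr = *addr;` copies the whole `union nf_inet_addr`, so for an IPv4 rule every byte beyond the `ip` member is whatever the caller left in its union. The caller's initialisation is not visible here. If connlimit_mt() only assigns `addr.ip` for IPv4, the stored entry carries indeterminate stack bytes, and any later whole-union comparison or dump of the entry would be unreliable. Zeroing the union in the caller before filling it (`memset(&addr, 0, sizeof(addr));`) would keep the saved entries fully defined. The enclosing block starts outside this hunk.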
@@ -185,15 +187,11 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
int connections;
ct = nf_ct_get(skb, &ctinfo);
- if (ct != NULL) {
- if (info->flags & XT_CONNLIMIT_DADDR)
- tuple_ptr = &ct->tuplehash[IP_CT_DIR_REPLY].tuple;
- else
- tuple_ptr = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
- } else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb),
- par->family, &tuple)) {
+ if (ct != NULL)
+ tuple_ptr = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
+ else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb),
+ par->family, &tuple))
goto hotdrop;
- }
if (par->family == NFPROTO_IPV6) {
const struct ipv6hdr *iph = ipv6_hdr(skb);
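Review bot: After this change `tuple_ptr` is always the original-direction tuple and XT_CONNLIMIT_DADDR is no longer consulted at this point, but nothing in the code says why. A reader comparing this with the old reply-direction branch will not know whether dropping it was intentional. Add a short comment above the `if (ct != NULL)` line, e.g. `/* always key on the original-direction tuple; the address to limit on is chosen separately below */`, and adjust the wording if the code after this hunk does something different. The address selection itself lies outside the hunk, so it should be checked that the daddr flag is still honoured there for both the IPv4 and IPv6 branches.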