{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
struct ipt_entry_match **match)
{
struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data;
+ int i;
if (0 == (*flags & 2)) {
/* set default mask unless we've already seen a mask option */
break;
case '2':
- info->mask = htonl(0xFFFFFFFF << (32 - atoi(argv[optind-1])));
+ i = atoi(argv[optind-1]);
+ if ((i < 0) || (i > 32))
+ exit_error(PARAMETER_PROBLEM,
+ "--connlimit-mask must be between 0 and 32");
+
+ if (i == 0)
+ info->mask = 0;
+ else
+ info->mask = htonl(0xFFFFFFFF << (32 - i));
*flags |= 2;
break;
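Review bot: The new range check for `--connlimit-mask` still takes its value from `atoi()`, which returns 0 for non-numeric text, so a mistyped argument passes `(i < 0) || (i > 32)` and silently sets `info->mask = 0`, which makes the rule count all source addresses as a single group. Digits followed by trailing garbage are accepted the same way, and a number too large for `int` is undefined behaviour in `atoi()`. Parsing with `strtol()` and rejecting the argument when no digits were consumed or text remains would close this: `char *end; long v = strtol(argv[optind-1], &end, 10);` followed by `if (end == argv[optind-1] || *end != '\0' || v < 0 || v > 32)` in front of the existing `exit_error(...)` call. The rest of `parse()` lies outside this hunk, so how the default mask is applied when the option is absent is not visible here.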
}
static struct iptables_match connlimit = {
- name: "connlimit",
- version: IPTABLES_VERSION,
- size: IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
- userspacesize: offsetof(struct ipt_connlimit_info,data),
- help: help,
- init: init,
- parse: parse,
- final_check: final_check,
- print: print,
- save: save,
- extra_opts: opts
+ .name = "connlimit",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
+ .userspacesize = offsetof(struct ipt_connlimit_info,data),
+ .help = help,
+ .parse = parse,
+ .final_check = final_check,
+ .print = print,
+ .save = save,
+ .extra_opts = opts
};
void _init(void)