X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=extensions%2Flibipt_connlimit.c;h=17b4d13b8051b930136fcc5786056b747edfa3ee;hb=6afea0b41dfbc3824956d11d960ad80097218feb;hp=c82c6e4d130aadf8698be0a2545fe2c4ba580352;hpb=f7b70cf9e00324b89b02de213bcd0dde7044d035;p=iptables.git diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c index c82c6e4..17b4d13 100644 --- a/extensions/libipt_connlimit.c +++ b/extensions/libipt_connlimit.c @@ -26,14 +26,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -43,6 +35,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, struct ipt_entry_match **match) { struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data; + int i; if (0 == (*flags & 2)) { /* set default mask unless we've already seen a mask option */ @@ -58,7 +51,15 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '2': - info->mask = htonl(0xFFFFFFFF << (32 - atoi(argv[optind-1]))); + i = atoi(argv[optind-1]); + if ((i < 0) || (i > 32)) + exit_error(PARAMETER_PROBLEM, + "--connlimit-mask must be between 0 and 32"); + + if (i == 0) + info->mask = 0; + else + info->mask = htonl(0xFFFFFFFF << (32 - i)); *flags |= 2; break; @@ -113,17 +114,16 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } static struct iptables_match connlimit = { - name: "connlimit", - version: IPTABLES_VERSION, - size: IPT_ALIGN(sizeof(struct ipt_connlimit_info)), - userspacesize: offsetof(struct ipt_connlimit_info,data), - help: help, - init: init, - parse: parse, - final_check: final_check, - print: print, - save: save, - extra_opts: opts + .name = "connlimit", + .version = IPTABLES_VERSION, + .size = IPT_ALIGN(sizeof(struct ipt_connlimit_info)), + .userspacesize = offsetof(struct ipt_connlimit_info,data), + .help = help, + .parse = parse, + .final_check = final_check, + .print = print, + .save = save, + .extra_opts = opts }; void _init(void)