X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=extensions%2Flibipt_limit.c;fp=extensions%2Flibipt_limit.c;h=7f0337ae6e50e9d2e505d0a473ffd9a2de6ec2d2;hb=6afea0b41dfbc3824956d11d960ad80097218feb;hp=af381fa38b135adf8c59fd1c00b2c3427742920a;hpb=f7b70cf9e00324b89b02de213bcd0dde7044d035;p=iptables.git

diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c
index af381fa..7f0337a 100644
--- a/extensions/libipt_limit.c
+++ b/extensions/libipt_limit.c
@@ -11,7 +11,8 @@
 #include <iptables.h>
 #include <stddef.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_limit.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv4/ipt_limit.h"
 
 #define IPT_LIMIT_AVG	"3/hour"
 #define IPT_LIMIT_BURST	5
@@ -80,8 +81,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache)
 	parse_rate(IPT_LIMIT_AVG, &r->avg);
 	r->burst = IPT_LIMIT_BURST;
 
-	/* Can't cache this */
-	*nfcache |= NFC_UNKNOWN;
 }
 
 /* FIXME: handle overflow:
@@ -103,19 +102,14 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 
 	switch(c) {
 	case '%':
-		if (check_inverse(optarg, &invert, NULL, 0))
-			exit_error(PARAMETER_PROBLEM,
-				   "Unexpected `!' after --limit");
+		if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 		if (!parse_rate(optarg, &r->avg))
 			exit_error(PARAMETER_PROBLEM,
 				   "bad rate `%s'", optarg);
 		break;
 
 	case '$':
-		if (check_inverse(optarg, &invert, NULL, 0))
-			exit_error(PARAMETER_PROBLEM,
-				   "Unexpected `!' after --limit-burst");
-
+		if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 		if (string_to_number(optarg, 0, 10000, &num) == -1)
 			exit_error(PARAMETER_PROBLEM,
 				   "bad --limit-burst `%s'", optarg);
@@ -126,6 +120,10 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 		return 0;
 	}
 
+	if (invert)
+		exit_error(PARAMETER_PROBLEM,
+			   "limit does not support invert");
+
 	return 1;
 }
 
@@ -177,20 +175,19 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 		printf("--limit-burst %u ", r->burst);
 }
 
-static
-struct iptables_match limit
-= { NULL,
-    "limit",
-    IPTABLES_VERSION,
-    IPT_ALIGN(sizeof(struct ipt_rateinfo)),
-    offsetof(struct ipt_rateinfo, prev),
-    &help,
-    &init,
-    &parse,
-    &final_check,
-    &print,
-    &save,
-    opts
+static struct iptables_match limit = { 
+	.next		= NULL,
+	.name		= "limit",
+	.version	= IPTABLES_VERSION,
+	.size		= IPT_ALIGN(sizeof(struct ipt_rateinfo)),
+	.userspacesize	= offsetof(struct ipt_rateinfo, prev),
+	.help		= &help,
+	.init		= &init,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
 };
 
 void _init(void)