git://git.onelab.eu / iptables.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
iptables-1.3.2-20050720
[iptables.git] / extensions / libipt_connlimit.c
diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c
index c82c6e4..17b4d13 100644 (file)
--- a/extensions/libipt_connlimit.c
+++ b/extensions/libipt_connlimit.c
@@ -26,14 +26,6 @@ static struct option opts[] = {
        {0}
 };
 
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
-       /* Can't cache this */
-       *nfcache |= NFC_UNKNOWN;
-}
-
 /* Function which parses command options; returns true if it
    ate an option */
 static int
@@ -43,6 +35,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
       struct ipt_entry_match **match)
 {
        struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data;
+       int i;
 
        if (0 == (*flags & 2)) {
                /* set default mask unless we've already seen a mask option */
@@ -58,7 +51,15 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                break;
 
        case '2':
-               info->mask = htonl(0xFFFFFFFF << (32 - atoi(argv[optind-1])));
+               i = atoi(argv[optind-1]);
+               if ((i < 0) || (i > 32))
+                       exit_error(PARAMETER_PROBLEM,
+                               "--connlimit-mask must be between 0 and 32");
+
+               if (i == 0)
+                       info->mask = 0;
+               else
+                       info->mask = htonl(0xFFFFFFFF << (32 - i));
                *flags |= 2;
                break;
 
@@ -113,17 +114,16 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 }
 
 static struct iptables_match connlimit = {
-       name:           "connlimit",
-       version:        IPTABLES_VERSION,
-       size:           IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
-       userspacesize:  offsetof(struct ipt_connlimit_info,data),
-       help:           help,
-       init:           init,
-       parse:          parse,
-       final_check:    final_check,
-       print:          print,
-       save:           save,
-       extra_opts:     opts
+       .name           = "connlimit",
+       .version        = IPTABLES_VERSION,
+       .size           = IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
+       .userspacesize  = offsetof(struct ipt_connlimit_info,data),
+       .help           = help,
+       .parse          = parse,
+       .final_check    = final_check,
+       .print          = print,
+       .save           = save,
+       .extra_opts     = opts
 };
 
 void _init(void)
iptables