625c556118
This allows the xt_connlimit infrastructure to be reused from nf_tables. The upcoming nf_tables frontend can simply pass in an nftables register as the input key; this allows limiting by any nft-supported key, including concatenations. For xt_connlimit, pass in the zone and the ip/ipv6 address. With help from Yi-Hung Wei.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _XT_CONNLIMIT_H
#define _XT_CONNLIMIT_H
#include <linux/types.h>
#include <linux/netfilter.h>
/*
 * NOTE(review): nothing visible in this header refers to
 * struct xt_connlimit_data; the kernel-private member of
 * struct xt_connlimit_info is typed struct nf_conncount_data *.
 * This forward declaration looks like a leftover -- confirm that no
 * other user of the header depends on it before dropping it.
 */
struct xt_connlimit_data;
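/*
 * Single-bit flag values; the two constants occupy distinct bits and can
 * be OR-ed together.  Presumably these are the bits carried in
 * xt_connlimit_info.flags -- confirm against the kernel-side match code.
 *
 * NOTE(review): meanings below are inferred from the names only:
 *   XT_CONNLIMIT_INVERT - presumably inverts the match result.
 *   XT_CONNLIMIT_DADDR  - presumably keys on the destination address
 *                         instead of the source address.
 * Code validating a rule received from userspace should reject flag
 * bits other than the ones defined here rather than silently ignore them.
 */
enum {
	XT_CONNLIMIT_INVERT = 1 << 0,
	XT_CONNLIMIT_DADDR  = 1 << 1,
};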
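/*
 * Configuration blob for the connlimit match.  The header is visible to
 * both kernel and userspace builds (see the __KERNEL__ guard below), so
 * the member order, sizes and alignment are ABI and must not change.
 *
 * The stray "|" gutter lines that were interleaved with the declaration
 * in this listing are dropped; the declaration itself is unchanged.
 */
struct xt_connlimit_info {
	union {
		/* Address mask in the generic netfilter address type. */
		union nf_inet_addr mask;
#ifndef __KERNEL__
		/*
		 * Userspace-only aliases for the same storage: v4_mask and
		 * v6_mask share one anonymous union, and v6_mask is four
		 * 32-bit big-endian words (16 bytes).
		 */
		union {
			__be32 v4_mask;
			__be32 v6_mask[4];
		};
#endif
	};
	/*
	 * Presumably the connection-count threshold the match compares
	 * against -- confirm in the kernel-side match code.  The value
	 * comes from userspace and should be treated as untrusted input.
	 */
	unsigned int limit;
	/* revision 1 */
	__u32 flags;

	/*
	 * Used internally by the kernel.
	 *
	 * NOTE(review): this is a kernel pointer stored inside a struct that
	 * is also exchanged with userspace.  Whatever userspace supplies in
	 * this slot must be ignored and overwritten by the kernel, and the
	 * pointer value must not be copied back out; the match registration
	 * is expected to end the user-visible part of the struct before this
	 * member (e.g. through xt_match's .usersize) -- verify in the
	 * kernel-side source.
	 * aligned(8) presumably keeps the member offset and struct size the
	 * same for 32-bit and 64-bit builds -- TODO confirm.
	 */
	struct nf_conncount_data *data __attribute__((aligned(8)));
};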
#endif /* _XT_CONNLIMIT_H */