diff options
| author | Florian Westphal <fw@strlen.de> | 2017-12-09 21:01:08 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-08 18:01:22 +0100 |
| commit | 625c556118f3c2fd28bb8ef6da18c53bd4037be4 (patch) | |
| tree | e67a0e7ac8ae1e482aa0af0f5363a74a37011228 /include/net | |
| parent | c2f9eafee9aaeedaad9eadbf47913f4681d723df (diff) | |
| download | linux-stable-625c556118f3c2fd28bb8ef6da18c53bd4037be4.tar.gz linux-stable-625c556118f3c2fd28bb8ef6da18c53bd4037be4.tar.bz2 linux-stable-625c556118f3c2fd28bb8ef6da18c53bd4037be4.zip | |
netfilter: connlimit: split xt_connlimit into front and backend
This allows to reuse xt_connlimit infrastructure from nf_tables.
The upcoming nf_tables frontend can just pass in an nftables register
as input key, this allows limiting by any nft-supported key, including
concatenations.
For xt_connlimit, pass in the zone and the ip/ipv6 address.
With help from Yi-Hung Wei.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_conntrack_count.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack_count.h b/include/net/netfilter/nf_conntrack_count.h new file mode 100644 index 000000000000..adf8db44cf86 --- /dev/null +++ b/include/net/netfilter/nf_conntrack_count.h @@ -0,0 +1,17 @@ +#ifndef _NF_CONNTRACK_COUNT_H +#define _NF_CONNTRACK_COUNT_H + +struct nf_conncount_data; + +struct nf_conncount_data *nf_conncount_init(struct net *net, unsigned int family, + unsigned int keylen); +void nf_conncount_destroy(struct net *net, unsigned int family, + struct nf_conncount_data *data); + +unsigned int nf_conncount_count(struct net *net, + struct nf_conncount_data *data, + const u32 *key, + unsigned int family, + const struct nf_conntrack_tuple *tuple, + const struct nf_conntrack_zone *zone); +#endif |