[netfilter-cvslog] r3688 - branches/patch-o-matic-ng/linux-2.6.11/connlimit/linux-2.6/net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Tue Feb 15 00:09:24 CET 2005


Author: laforge at netfilter.org
Date: 2005-02-15 00:09:23 +0100 (Tue, 15 Feb 2005)
New Revision: 3688

Modified:
   branches/patch-o-matic-ng/linux-2.6.11/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c
Log:
post-2.6.11 connlimit (Phil Oester)


Modified: branches/patch-o-matic-ng/linux-2.6.11/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c
===================================================================
--- branches/patch-o-matic-ng/linux-2.6.11/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c	2005-02-14 13:13:04 UTC (rev 3687)
+++ branches/patch-o-matic-ng/linux-2.6.11/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c	2005-02-14 23:09:23 UTC (rev 3688)
@@ -58,6 +58,7 @@
 	int addit = 1, matches = 0;
 	struct ip_conntrack_tuple tuple;
 	struct ip_conntrack_tuple_hash *found;
+	struct ip_conntrack *foundct = NULL;
 	struct ipt_connlimit_conn *conn;
 	struct list_head *hash,*lh;
 
@@ -69,9 +70,11 @@
 	for (lh = hash->next; lh != hash; lh = lh->next) {
 		conn = list_entry(lh,struct ipt_connlimit_conn,list);
 		found = ip_conntrack_find_get(&conn->tuple,ct);
+		if (found)
+			foundct = tuplehash_to_ctrack(found);
 		if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
 		    found != NULL &&
-		    found->ctrack->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
+		    foundct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
 			/* Just to be sure we have it only once in the list.
 			   We should'nt see tuples twice unless someone hooks this
 			   into a table without "-p tcp --syn" */
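Review bot: `foundct` is declared once outside the loop and is only reassigned when `found` is non-NULL, so on an iteration where the lookup fails it still holds the pointer from an earlier entry whose reference was already dropped by `nf_conntrack_put()` in the later hunk. Every dereference visible in this diff sits behind a `found` check, so nothing reads the stale value today. A later edit that tests `foundct` instead of `found` would, however, touch a conntrack that may already have been released. Assigning unconditionally keeps the two variables in step: `foundct = found ? tuplehash_to_ctrack(found) : NULL;`. The loop body starts and ends outside this hunk.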
@@ -82,7 +85,7 @@
 		       ipt_iphash(addr & mask),
 		       NIPQUAD(conn->tuple.src.ip), ntohs(conn->tuple.src.u.tcp.port),
 		       NIPQUAD(conn->tuple.dst.ip), ntohs(conn->tuple.dst.u.tcp.port),
-		       (NULL != found) ? tcp[found->ctrack->proto.tcp.state] : "gone");
+		       (NULL != found) ? tcp[foundct->proto.tcp.state] : "gone");
 #endif
 		if (NULL == found) {
 			/* this one is gone */
@@ -91,20 +94,20 @@
 			kfree(conn);
 			continue;
 		}
-		if (found->ctrack->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT) {
+		if (foundct->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT) {
 			/* we don't care about connections which are
 			   closed already -> ditch it */
 			lh = lh->prev;
 			list_del(lh->next);
 			kfree(conn);
-			nf_conntrack_put(&found->ctrack->infos[0]);
+			nf_conntrack_put(&foundct->ct_general);
 			continue;
 		}
 		if ((addr & mask) == (conn->tuple.src.ip & mask)) {
 			/* same source IP address -> be counted! */
 			matches++;
 		}
-		nf_conntrack_put(&found->ctrack->infos[0]);
+		nf_conntrack_put(&foundct->ct_general);
 	}
 	if (addit) {
 		/* save the new connection in our list */



