[netfilter-cvslog] r3808 - trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Tue Mar 29 11:01:11 CEST 2005 

Author: laforge at netfilter.org
Date: 2005-03-29 11:01:10 +0200 (Tue, 29 Mar 2005)
New Revision: 3808

Modified:
   trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c
Log:
update to work with post-2.6.11 conntrack


Modified: trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c
===================================================================
--- trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c	2005-03-29 08:11:02 UTC (rev 3807)
+++ trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c	2005-03-29 09:01:10 UTC (rev 3808)
@@ -67,11 +67,12 @@
 
 	/* check the saved connections */
 	for (lh = hash->next; lh != hash; lh = lh->next) {
-		conn = list_entry(lh,struct ipt_connlimit_conn,list);
-		found = ip_conntrack_find_get(&conn->tuple,ct);
+	     conn = list_entry(lh,struct ipt_connlimit_conn,list);
+	     found = ip_conntrack_find_get(&conn->tuple,ct);
+	        struct ip_conntrack *ct;
 		if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
-		    found != NULL &&
-		    found->ctrack->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
+		    found != NULL && ct = tuplehash_to_ctrack(found) &&
+		    ct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
 			/* Just to be sure we have it only once in the list.
 			   We should'nt see tuples twice unless someone hooks this
 			   into a table without "-p tcp --syn" */
@@ -82,7 +83,7 @@
 		       ipt_iphash(addr & mask),
 		       NIPQUAD(conn->tuple.src.ip), ntohs(conn->tuple.src.u.tcp.port),
 		       NIPQUAD(conn->tuple.dst.ip), ntohs(conn->tuple.dst.u.tcp.port),
-		       (NULL != found) ? tcp[found->ctrack->proto.tcp.state] : "gone");
+		       (NULL != found) ? tcp[ct->proto.tcp.state] : "gone");
 #endif
 		if (NULL == found) {
 			/* this one is gone */
@@ -91,20 +92,20 @@
 			kfree(conn);
 			continue;
 		}
-		if (found->ctrack->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT) {
+		if (ct->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT) {
 			/* we don't care about connections which are
 			   closed already -> ditch it */
 			lh = lh->prev;
 			list_del(lh->next);
 			kfree(conn);
-			nf_conntrack_put(&found->ctrack->infos[0]);
+			nf_conntrack_put(&ct->ct_general);
 			continue;
 		}
 		if ((addr & mask) == (conn->tuple.src.ip & mask)) {
 			/* same source IP address -> be counted! */
 			matches++;
 		}
-		nf_conntrack_put(&found->ctrack->infos[0]);
+		nf_conntrack_put(&ct->ct_general);
 	}
 	if (addit) {
 		/* save the new connection in our list */

More information about the netfilter-cvslog mailing list