xt_connlimit 20070625
Jan Engelhardt
jengelh at computergmbh.de
Thu Jun 28 21:23:29 CEST 2007
On Jun 25 2007 13:41, Patrick McHardy wrote:
>> + /* check the saved connections */
>> + list_for_each_entry_safe(conn, tmp, hash, list) {
>> + found = nf_conntrack_find_get(&conn->tuple, ct);
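
Review bot: in the loop body, `nf_conntrack_find_get(&conn->tuple, ct)` returns its result with a reference held, so every non-NULL `found` needs a matching `nf_ct_put()` on the owning conntrack before the next iteration and on any early-exit path. The quoted lines end before a release is visible, so please confirm it is there. Since the walk uses `list_for_each_entry_safe`, entries are presumably unlinked during iteration; a comment naming the lock that protects `hash` against concurrent packets would help, as nothing in these lines shows it.
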
>
> Something for the hopefully near future: with ct_extend you could
> allocate a dummy ct extension and use the destructor to remove
> connections, which will avoid this expensive searching.

There's just one problem... judging from example code
(`a=96ef23541211a66adb0504d1451ee318965ac525; git diff $a^..$a` in your
nf-2.6.23.git tree), the struct nf_ct_ext_type->cleanup() handler is only
called with "struct nf_conn *", but that does not help at all. xt_connlimit
needs the "struct xt_connlimit_data", which is only accessible through
xt_match's void *matchinfo (per-match private info).

Ideas?

Thanks,
Jan