-rw-r--r--include/linux/netfilter/xt_connlimit.h9
-rw-r--r--net/netfilter/xt_connlimit.c7
2 files changed, 10 insertions, 6 deletions
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 37e933c9987..315d2dce9da 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -5,8 +5,13 @@ struct xt_connlimit_data;
struct xt_connlimit_info {
union {
- __be32 v4_mask;
- __be32 v6_mask[4];
+ union nf_inet_addr mask;
+#ifndef __KERNEL__
+ union {
+ __be32 v4_mask;
+ __be32 v6_mask[4];
+ };
+#endif
};
unsigned int limit, inverse;
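Review bot: The header now names `union nf_inet_addr`, but nothing visible in this hunk includes its definition, so unless an include sits above line 5 (not shown) a userspace program that includes xt_connlimit.h on its own may no longer compile. This struct is the rule blob exchanged between userspace and the kernel, and the change keeps its layout only while `sizeof(union nf_inet_addr)` equals the 16 bytes of the old `v6_mask[4]`. Pinning that in xt_connlimit.c with `BUILD_BUG_ON(sizeof(union nf_inet_addr) != 4 * sizeof(__be32));` would catch a later change to the union. The `#ifndef __KERNEL__` block would also benefit from a comment such as `/* userspace-only aliases of mask, kept for source compatibility */`. The struct definition continues outside the hunk.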
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index b7a684607c7..6a9e2a35718 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -185,7 +185,7 @@ connlimit_mt(const struct sk_buff *skb, const struct net_device *in,
bool *hotdrop)
{
const struct xt_connlimit_info *info = matchinfo;
- union nf_inet_addr addr, mask;
+ union nf_inet_addr addr;
struct nf_conntrack_tuple tuple;
const struct nf_conntrack_tuple *tuple_ptr = &tuple;
enum ip_conntrack_info ctinfo;
@@ -202,15 +202,14 @@ connlimit_mt(const struct sk_buff *skb, const struct net_device *in,
if (match->family == AF_INET6) {
const struct ipv6hdr *iph = ipv6_hdr(skb);
memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr));
- memcpy(&mask.ip6, info->v6_mask, sizeof(info->v6_mask));
} else {
const struct iphdr *iph = ip_hdr(skb);
addr.ip = iph->saddr;
- mask.ip = info->v4_mask;
}
spin_lock_bh(&info->data->lock);
- connections = count_them(info->data, tuple_ptr, &addr, &mask, match);
+ connections = count_them(info->data, tuple_ptr, &addr,
+ &info->mask, match);
spin_unlock_bh(&info->data->lock);
if (connections < 0) {
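Review bot: `count_them()` now receives the rule's whole 16-byte `info->mask`, while the AF_INET branch writes only `addr.ip` and leaves the other 12 bytes of `addr` as uninitialised stack. For an IPv4 rule, the mask bytes after `v4_mask` are whatever userspace left in the rule blob. This is safe only if count_them (not visible here) compares nothing beyond `.ip` for AF_INET, which is worth confirming and recording with a comment such as `/* AF_INET: only addr.ip and info->mask.ip are meaningful */`. Because `info` is a pointer to const, `&info->mask` is a `const union nf_inet_addr *`, so count_them's mask parameter must be const-qualified to avoid discarding the qualifier. connlimit_mt's body starts and ends outside the hunk.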