From 3a18502421ac22d8c047664486e613b69fac8b74 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Fri, 11 Feb 2011 18:00:07 +0100
Subject: [PATCH] --- yaml --- r: 237527 b: refs/heads/master c: 44bd4de9c2270b22c3c898310102bc6be9ed2978 h: refs/heads/master i: 237525: d46e722188c8f0ea52e25a451e23038215707383 237523: 276dcf47368dfc6a2863bf78143cd9b12b6d25c3 237519: 3d0e3a08883fb2ada3cd5acc8e9f58efa9302eb8 v: v3
---
 [refs] | 2 +-
 trunk/net/netfilter/xt_connlimit.c | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/[refs] b/[refs]
index f5c8818bd330..fbcd27b893cc 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: c16e19c11730199c1df686b160c9c972ad28baf8
+refs/heads/master: 44bd4de9c2270b22c3c898310102bc6be9ed2978
diff --git a/trunk/net/netfilter/xt_connlimit.c b/trunk/net/netfilter/xt_connlimit.c
index e029c4807404..82ce7c5fbbc2 100644
--- a/trunk/net/netfilter/xt_connlimit.c
+++ b/trunk/net/netfilter/xt_connlimit.c
@@ -97,7 +97,8 @@ static int count_them(struct net *net,
 const struct nf_conntrack_tuple *tuple,
 const union nf_inet_addr *addr,
 const union nf_inet_addr *mask,
- u_int8_t family)
+ u_int8_t family,
+ unsigned int threshold)
 {
 const struct nf_conntrack_tuple_hash *found;
 struct xt_connlimit_conn *conn;
@@ -151,9 +152,14 @@ static int count_them(struct net *net,
 continue;
 }
- if (same_source_net(addr, mask, &conn->tuple.src.u3, family))
+ if (same_source_net(addr, mask, &conn->tuple.src.u3, family)) {
 /* same source network -> be counted! */
 ++matches;
+ if (matches > threshold) {
+ nf_ct_put(found_ct);
+ break;
+ }
+ }
 nf_ct_put(found_ct);
 }
@@ -207,7 +213,8 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
 spin_lock_bh(&info->data->lock);
 connections = count_them(net, info->data, tuple_ptr, &addr,
- &info->mask, par->family);
+ &info->mask, par->family,
+ info->limit);
 spin_unlock_bh(&info->data->lock);
 if (connections < 0)
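Review bot: The new `threshold` parameter in the `@@ -97,7 +97,8 @@` hunk of xt_connlimit.c changes what count_them returns, and nothing in the hunk documents it. Once the loop can stop early, the result is no longer an exact number of tracked connections but only a value known to exceed `threshold`. A comment above the function would keep later callers from treating it as an exact count, for example `/* Returns the number of matching connections; counting stops once the count exceeds threshold, so larger results are a lower bound only. */`. The signature starts above this hunk and the body continues below it.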
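Review bot: The `break` added in the `@@ -151,9 +152,14 @@` hunk leaves the rest of the connection list unvisited, so any per-entry work this loop does besides counting is skipped for the remaining entries. The context just above ends a branch with `continue;`, which looks like stale-entry handling, and if the same loop also records whether the current tuple is already listed (not visible here), an over-limit source could have its tuple appended again on later packets, growing the list that is walked under `info->data->lock`. That would undercut a match whose purpose is to bound resource use. Keeping the walk and skipping only the comparison avoids the problem: `if (matches <= threshold && same_source_net(addr, mask, &conn->tuple.src.u3, family))` followed by the existing `++matches;`. count_them starts and ends outside this hunk, so this needs checking against the full loop.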