~ubuntu-branches/ubuntu/oneiric/iptables/oneiric


Viewing changes to extensions/libxt_connlimit.c

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge, Lorenzo De Liso, Jamie Strandboge
  • Date: 2010-11-12 15:58:40 UTC
  • mfrom: (5.1.8 upstream) (2.1.11 sid)
  • Revision ID: james.westby@ubuntu.com-20101112155840-jm07l9o9722h0bvm
Tags: 1.4.10-1ubuntu1
[ Lorenzo De Liso ]
* Merge from debian unstable (LP: #671652), remaining changes:
  - Don't fail to run iptables-save if iptables module isn't loaded.
  - Revert changes between 1.4.1.1-3 and 1.4.1.1-4, thus bringing back
    the howtos.
  - Added linuxdoc-tools to Build-Depends
  - Modified debian/iptables{,-dev}.install to match DM syntax
    (removed debian/tmp)
  - Added -fno-strict-aliasing -Werror switches to regular_CFLAGS
    for catching errors early
  - Removed unused TC_NUM_RULES() and TC_GET_RULE()
* debian/patches/03-compilation-error.patch: updated
* debian/patches/0600-makefile_jedi_handwaving.patch: updated
* Dropped changes:
  - debian/patches/0902-docs-version-reference.diff: modifies files inside
    the debian/ directory and hence is not needed

[ Jamie Strandboge ]
* debian/patches/9000-howtos.patch:
  - combine 0102-howtos.patch and 0103-sgml_errors.patch into this patch
    and apply after the Debian patches for easier maintenance
  - add DEP-3 comments
* debian/patches/9001-build-libipq_pic.la.patch:
  - Build libipq_pic.la with -fPIC
  - add DEP-3 comments
* debian/iptables-dev.install: install lib/*.la in usr/lib
* merge debian/patches/9002-xt_recent-reap.patch:
  - support for the xt_recent filter --reap switch (refreshed and updated)
  - add DEP-3 comments
* debian/patches/9003-compilation-error.patch:
  - renamed 03-compilation-error.patch as 9003-compilation-error.patch
  - apply after Debian patches for easier maintenance
  - add DEP-3 comments
* debian/iptables.doc-base.{nat|packet-filter}: update for 2.6
* Dropped changes:
  - Replaced ipt_DSCP.h by xpt_DSCP.h in ipt_ECN.h and ipt_echn.h (applied
    upstream)
  - 9001-build-libipq_pic.a.patch (using la instead)

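--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -1,4 +1,5 @@
 /* Shared library add-on to iptables to add connection limit support. */
+#include <stdbool.h>
 #include <stdio.h>
 #include <netdb.h>
 #include <string.h>
@@ -18,9 +19,9 @@
 }
 
 static const struct option connlimit_opts[] = {
-        {"connlimit-above", 1, NULL, 'A'},
-        {"connlimit-mask",  1, NULL, 'M'},
-        { .name = NULL }
+        {.name = "connlimit-above", .has_arg = true, .val = 'A'},
+        {.name = "connlimit-mask",  .has_arg = true, .val = 'M'},
+        XT_GETOPT_TABLEEND,
 };
 
 static void connlimit_init(struct xt_entry_match *match)
@@ -65,8 +66,8 @@
                         xtables_error(PARAMETER_PROBLEM,
                                 "--connlimit-above may be given only once");
                 *flags |= 0x1;
-                xtables_check_inverse(optarg, &invert, &optind, 0);
-                info->limit   = strtoul(argv[optind-1], NULL, 0);
+                xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+                info->limit   = strtoul(optarg, NULL, 0);
                 info->inverse = invert;
                 break;
         case 'M':
@@ -75,7 +76,7 @@
                                 "--connlimit-mask may be given only once");
 
                 *flags |= 0x2;
-                i = strtoul(argv[optind-1], &err, 0);
+                i = strtoul(optarg, &err, 0);
                 if (family == NFPROTO_IPV6) {
                         if (i > 128 || *err != '\0')
                                 xtables_error(PARAMETER_PROBLEM,
@@ -179,38 +180,38 @@
                count_bits6(info->v6_mask));
 }
 
-static struct xtables_match connlimit_match = {
-        .name          = "connlimit",
-        .family        = NFPROTO_IPV4,
-        .version       = XTABLES_VERSION,
-        .size          = XT_ALIGN(sizeof(struct xt_connlimit_info)),
-        .userspacesize = offsetof(struct xt_connlimit_info, data),
-        .help          = connlimit_help,
-        .init          = connlimit_init,
-        .parse         = connlimit_parse4,
-        .final_check   = connlimit_check,
-        .print         = connlimit_print4,
-        .save          = connlimit_save4,
-        .extra_opts    = connlimit_opts,
-};
-
-static struct xtables_match connlimit_match6 = {
-        .name          = "connlimit",
-        .family        = NFPROTO_IPV6,
-        .version       = XTABLES_VERSION,
-        .size          = XT_ALIGN(sizeof(struct xt_connlimit_info)),
-        .userspacesize = offsetof(struct xt_connlimit_info, data),
-        .help          = connlimit_help,
-        .init          = connlimit_init,
-        .parse         = connlimit_parse6,
-        .final_check   = connlimit_check,
-        .print         = connlimit_print6,
-        .save          = connlimit_save6,
-        .extra_opts    = connlimit_opts,
+static struct xtables_match connlimit_mt_reg[] = {
+        {
+                .name          = "connlimit",
+                .family        = NFPROTO_IPV4,
+                .version       = XTABLES_VERSION,
+                .size          = XT_ALIGN(sizeof(struct xt_connlimit_info)),
+                .userspacesize = offsetof(struct xt_connlimit_info, data),
+                .help          = connlimit_help,
+                .init          = connlimit_init,
+                .parse         = connlimit_parse4,
+                .final_check   = connlimit_check,
+                .print         = connlimit_print4,
+                .save          = connlimit_save4,
+                .extra_opts    = connlimit_opts,
+        },
+        {
+                .name          = "connlimit",
+                .family        = NFPROTO_IPV6,
+                .version       = XTABLES_VERSION,
+                .size          = XT_ALIGN(sizeof(struct xt_connlimit_info)),
+                .userspacesize = offsetof(struct xt_connlimit_info, data),
+                .help          = connlimit_help,
+                .init          = connlimit_init,
+                .parse         = connlimit_parse6,
+                .final_check   = connlimit_check,
+                .print         = connlimit_print6,
+                .save          = connlimit_save6,
+                .extra_opts    = connlimit_opts,
+        },
 };
 
 void _init(void)
 {
-        xtables_register_match(&connlimit_match);
-        xtables_register_match(&connlimit_match6);
+        xtables_register_matches(connlimit_mt_reg, ARRAY_SIZE(connlimit_mt_reg));
 }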
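Review bot: In the 'A' case, `info->limit = strtoul(optarg, NULL, 0);` still accepts any string: with a NULL end pointer, non-numeric input yields 0, trailing garbage is ignored, and a leading minus sign wraps to a very large value, so a mistyped --connlimit-above can install a rule whose limit is not what the operator intended. The 'M' case a few lines below already passes `&err` and rejects `*err != '\0'`; the same check fits here, e.g. `info->limit = strtoul(optarg, &err, 0);` followed by `if (err == optarg || *err != '\0') xtables_error(PARAMETER_PROBLEM, "bad --connlimit-above value \"%s\"", optarg);`. A range check is worth adding too if the limit field is narrower than unsigned long, which these lines do not show. The parse function begins and ends outside the visible hunks, so this assumes `err` is declared at function scope.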