netfilter: connlimit: split xt_connlimit into front and backend
This allows reusing the xt_connlimit infrastructure from nf_tables. The upcoming nf_tables frontend can just pass in an nftables register as the input key; this allows limiting by any nft-supported key, including concatenations. For xt_connlimit, pass in the zone and the ip/ipv6 address. With help from Yi-Hung Wei. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
committed by
Pablo Neira Ayuso
parent
c2f9eafee9
commit
625c556118
17
include/net/netfilter/nf_conntrack_count.h
Normal file
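--- a/include/net/netfilter/nf_conntrack_count.h
+++ b/include/net/netfilter/nf_conntrack_count.h
@@ -0,0 +1,17 @@
+#ifndef _NF_CONNTRACK_COUNT_H
+#define _NF_CONNTRACK_COUNT_H
+
+struct nf_conncount_data;
+
+struct nf_conncount_data *nf_conncount_init(struct net *net, unsigned int family,
+unsigned int keylen);
+void nf_conncount_destroy(struct net *net, unsigned int family,
+struct nf_conncount_data *data);
+
+unsigned int nf_conncount_count(struct net *net,
+struct nf_conncount_data *data,
+const u32 *key,
+unsigned int family,
+const struct nf_conntrack_tuple *tuple,
+const struct nf_conntrack_zone *zone);
+#endif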
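Review bot: `nf_conncount_count()` takes `const u32 *key` with no length argument, so the amount of key data the backend reads is presumably fixed by the `keylen` passed to `nf_conncount_init()`, and nothing in this header states that contract. Because the description says the upcoming nf_tables frontend will hand in a register as the key, a caller whose buffer is shorter than the configured `keylen` would make the backend read past the end of it. I would add a comment above the prototype along the lines of `/* key must point to at least the keylen given to nf_conncount_init() */`, and say at `nf_conncount_init()` whether `keylen` is in bytes or in u32 words and what its maximum is. The same comment block should state how `nf_conncount_init()` reports failure (NULL or an error pointer), since callers cannot tell from the prototype which check to write. Separately, the header uses `struct net`, `struct nf_conntrack_tuple`, `struct nf_conntrack_zone` and `u32` without including or forward-declaring them, so it only compiles cleanly when the includer has already pulled those in.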