Restore revision 0 dispite it's called obsolete and removed from vanila kernel:
commit 68c07cb6d8aa05daf38ab47d5bb674d81a2066fb Author: Cong Wang <[email protected]> Date: Sat May 19 04:39:01 2012 +0000 RH6 containers with old userspace need it and we don't want to upset their users. https://jira.sw.ru/browse/PSBM-40186 Signed-off-by: Kirill Tkhai <[email protected]> --- include/uapi/linux/netfilter/xt_connlimit.h | 9 +++++-- net/netfilter/xt_connlimit.c | 35 +++++++++++++++++++-------- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/include/uapi/linux/netfilter/xt_connlimit.h b/include/uapi/linux/netfilter/xt_connlimit.h index f165609..d1366f0 100644 --- a/include/uapi/linux/netfilter/xt_connlimit.h +++ b/include/uapi/linux/netfilter/xt_connlimit.h @@ -22,8 +22,13 @@ struct xt_connlimit_info { #endif }; unsigned int limit; - /* revision 1 */ - __u32 flags; + union { + /* revision 0 */ + unsigned int inverse; + + /* revision 1 */ + __u32 flags; + }; /* Used internally by the kernel */ struct xt_connlimit_data *data __attribute__((aligned(8))); diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index fbc66bb..34aa0ba 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c @@ -426,15 +426,27 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par) kfree(info->data); } -static struct xt_match connlimit_mt_reg __read_mostly = { - .name = "connlimit", - .revision = 1, - .family = NFPROTO_UNSPEC, - .checkentry = connlimit_mt_check, - .match = connlimit_mt, - .matchsize = sizeof(struct xt_connlimit_info), - .destroy = connlimit_mt_destroy, - .me = THIS_MODULE, +static struct xt_match connlimit_mt_reg[] __read_mostly = { + { + .name = "connlimit", + .revision = 0, + .family = NFPROTO_UNSPEC, + .checkentry = connlimit_mt_check, + .match = connlimit_mt, + .matchsize = sizeof(struct xt_connlimit_info), + .destroy = connlimit_mt_destroy, + .me = THIS_MODULE, + }, + { + .name = "connlimit", + .revision = 1, + .family = NFPROTO_UNSPEC, + .checkentry = connlimit_mt_check, + .match = connlimit_mt, + .matchsize = sizeof(struct xt_connlimit_info), + .destroy = connlimit_mt_destroy, + .me = THIS_MODULE, + }, }; static int __init connlimit_mt_init(void) @@ -460,7 +472,8 @@ static int __init connlimit_mt_init(void) kmem_cache_destroy(connlimit_conn_cachep); return -ENOMEM; } - ret = xt_register_match(&connlimit_mt_reg); + ret = xt_register_matches(connlimit_mt_reg, + ARRAY_SIZE(connlimit_mt_reg)); if (ret != 0) { kmem_cache_destroy(connlimit_conn_cachep); kmem_cache_destroy(connlimit_rb_cachep); @@ -470,7 +483,7 @@ static int __init connlimit_mt_init(void) static void __exit connlimit_mt_exit(void) { - xt_unregister_match(&connlimit_mt_reg); + xt_unregister_matches(connlimit_mt_reg, ARRAY_SIZE(connlimit_mt_reg)); kmem_cache_destroy(connlimit_conn_cachep); kmem_cache_destroy(connlimit_rb_cachep); } _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
