Author: mguevara                     Date: Tue Feb  6 09:11:20 2007 GMT
Module: SOURCES                       Tag: LINUX_2_6_20
---- Log message:
- in 2.6.20 we do not build ip_conntrack but nf_conntrack - this patch
  will enable building of ipt_connlimit module with nf_conntrack support.
- builds, but not yet tested.

---- Files affected:
SOURCES:
   pom-ng-connlimit-20061213_nf_conntrack_port.patch (NONE -> 1.1.2.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/pom-ng-connlimit-20061213_nf_conntrack_port.patch
diff -u /dev/null 
SOURCES/pom-ng-connlimit-20061213_nf_conntrack_port.patch:1.1.2.1
--- /dev/null   Tue Feb  6 10:11:20 2007
+++ SOURCES/pom-ng-connlimit-20061213_nf_conntrack_port.patch   Tue Feb  6 
10:11:15 2007
@@ -0,0 +1,91 @@
+--- linux-2.6.20-0.1/net/ipv4/netfilter/ipt_connlimit.c        2007-02-05 
22:17:02.000000000 +0100
++++ linux-2.6.20-temp/net/ipv4/netfilter/ipt_connlimit.c       2007-02-06 
10:12:58.000000000 +0100
+@@ -4,6 +4,8 @@
+  *   (c) 2000 Gerd Knorr <[EMAIL PROTECTED]>
+  *   Nov 2002: Martin Bene <[EMAIL PROTECTED]>:
+  *            only ignore TIME_WAIT or gone connections
++ *   Feb 2007: Marek Guevara Braun <[EMAIL PROTECTED]>:
++ *            from ip_conntrack to nf_conntrack
+  *
+  * based on ...
+  *
+@@ -14,9 +16,10 @@
+ #include <linux/skbuff.h>
+ #include <linux/version.h>
+ #include <linux/list.h>
+-#include <linux/netfilter_ipv4/ip_conntrack.h>
+-#include <linux/netfilter_ipv4/ip_conntrack_core.h>
+-#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
++#include <net/netfilter/nf_conntrack.h>
++#include <net/netfilter/nf_conntrack_core.h>
++#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
++#include <net/netfilter/nf_conntrack_compat.h>
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter_ipv4/ipt_connlimit.h>
+ 
+@@ -28,7 +31,7 @@ MODULE_LICENSE("GPL");
+ struct ipt_connlimit_conn
+ {
+         struct list_head list;
+-      struct ip_conntrack_tuple tuple;
++      struct nf_conntrack_tuple tuple;
+ };
+ 
+ struct ipt_connlimit_data {
+@@ -43,7 +46,7 @@ static inline unsigned ipt_iphash(const 
+ 
+ static int count_them(struct ipt_connlimit_data *data,
+                     u_int32_t addr, u_int32_t mask,
+-                    struct ip_conntrack *ct)
++                    struct nf_conn *ct)
+ {
+ #if DEBUG
+       const static char *tcp[] = { "none", "established", "syn_sent", 
"syn_recv",
+@@ -51,8 +54,8 @@ static int count_them(struct ipt_connlim
+                                    "last_ack", "listen" };
+ #endif
+       int addit = 1, matches = 0;
+-      struct ip_conntrack_tuple tuple;
+-      struct ip_conntrack_tuple_hash *found;
++      struct nf_conntrack_tuple tuple;
++      struct nf_conntrack_tuple_hash *found;
+       struct ipt_connlimit_conn *conn;
+       struct list_head *hash,*lh;
+ 
+@@ -62,11 +65,11 @@ static int count_them(struct ipt_connlim
+ 
+       /* check the saved connections */
+       for (lh = hash->next; lh != hash; lh = lh->next) {
+-              struct ip_conntrack *found_ct = NULL;
++              struct nf_conn *found_ct = NULL;
+               conn = list_entry(lh,struct ipt_connlimit_conn,list);
+-              found = ip_conntrack_find_get(&conn->tuple,ct);
++              found = nf_conntrack_find_get(&conn->tuple,ct);
+                if (found != NULL 
+-                   && (found_ct = tuplehash_to_ctrack(found)) != NULL
++                   && (found_ct = nf_ct_tuplehash_to_ctrack(found)) != NULL
+                    && 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) 
+                    && found_ct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
+                       /* Just to be sure we have it only once in the list.
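Review bot: The `memcmp(&conn->tuple,&tuple,sizeof(tuple))` kept as context in this hunk now compares two `struct nf_conntrack_tuple` values byte for byte, which is only correct if every unused union byte (for an IPv4 flow, the rest of `u3`) is zeroed in both copies. If that ever fails to hold, the same connection is presumably stored and counted more than once, so the limit would trigger early for legitimate clients. The field-wise helper is safer: `&& nf_ct_tuple_equal(&conn->tuple, &tuple)`. The condition also reads `found_ct->proto.tcp.state` with no visible check that the entry is TCP; the loop body continues outside the hunk, so confirm the protocol is checked elsewhere in the module.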
+@@ -97,7 +100,7 @@ static int count_them(struct ipt_connlim
+                       nf_conntrack_put(&found_ct->ct_general);
+                       continue;
+               }
+-              if ((addr & mask) == (conn->tuple.src.ip & mask)) {
++              if ((addr & mask) == (conn->tuple.src.u3.ip & mask)) {
+                       /* same source IP address -> be counted! */
+                       matches++;
+               }
+@@ -142,10 +145,10 @@ match(const struct sk_buff *skb,
+ {
+       const struct ipt_connlimit_info *info = matchinfo;
+       int connections, rv;
+-      struct ip_conntrack *ct;
++      struct nf_conn *ct;
+       enum ip_conntrack_info ctinfo;
+ 
+-      ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo);
++      ct = nf_ct_get(skb, &ctinfo);
+       if (NULL == ct) {
+               printk("ipt_connlimit: Oops: invalid ct state ?\n");
+               *hotdrop = 1;
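Review bot: The `printk` in the `NULL == ct` branch has no log level and no rate limit, and the branch runs once for every packet that reaches the match without a conntrack entry. If remote traffic can reach that state (packets conntrack could not classify, for example), the kernel log can be filled with this message while each packet is hot-dropped. Rate-limit it and give it a level: `if (net_ratelimit()) printk(KERN_WARNING "ipt_connlimit: Oops: invalid ct state ?\n");`. The log message says this port is untested, so this path deserves a test with untracked and invalid packets before the module is shipped. `match()` starts and ends outside the hunk.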
================================================================