static inline bool already_closed(const struct nf_conn *conn)
{
- u_int16_t proto = conn->tuplehash[0].tuple.dst.protonum;
-
- if (proto == IPPROTO_TCP)
- return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT;
+ if (nf_ct_protonum(conn) == IPPROTO_TCP)
+ return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT ||
+ conn->proto.tcp.state == TCP_CONNTRACK_CLOSE;
else
return 0;
}
const union nf_inet_addr *mask,
const struct xt_match *match)
{
- struct nf_conntrack_tuple_hash *found;
+ const struct nf_conntrack_tuple_hash *found;
struct xt_connlimit_conn *conn;
struct xt_connlimit_conn *tmp;
- struct nf_conn *found_ct;
+ const struct nf_conn *found_ct;
struct list_head *hash;
bool addit = true;
int matches = 0;
else
hash = &data->iphash[connlimit_iphash(addr->ip & mask->ip)];
- read_lock_bh(&nf_conntrack_lock);
+ rcu_read_lock();
/* check the saved connections */
list_for_each_entry_safe(conn, tmp, hash, list) {
- found = __nf_conntrack_find(&conn->tuple, NULL);
+ found = __nf_conntrack_find(&conn->tuple);
found_ct = NULL;
if (found != NULL)
++matches;
}
- read_unlock_bh(&nf_conntrack_lock);
+ rcu_read_unlock();
if (addit) {
/* save the new connection in our list */
static void
connlimit_mt_destroy(const struct xt_match *match, void *matchinfo)
{
- struct xt_connlimit_info *info = matchinfo;
+ const struct xt_connlimit_info *info = matchinfo;
struct xt_connlimit_conn *conn;
struct xt_connlimit_conn *tmp;
struct list_head *hash = info->data->iphash;
projects / linux-2.6 / blobdiff