[NETFILTER]: ctnetlink: Fix expectaction mask dumping

[linux-2.6] / net / netfilter / xt_limit.c

diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index 15e40506bc3afb26224fab89b83ec318e9cdec38..3049e6f8889e57fe466c1bcdfe91f6cec31cb895 100644 (file)
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -68,6 +68,7 @@ static int
 ipt_limit_match(const struct sk_buff *skb,
                const struct net_device *in,
                const struct net_device *out,
+               const struct xt_match *match,
                const void *matchinfo,
                int offset,
                unsigned int protoff,
@@ -107,15 +108,13 @@ user2credits(u_int32_t user)
 static int
 ipt_limit_checkentry(const char *tablename,
                     const void *inf,
+                    const struct xt_match *match,
                     void *matchinfo,
                     unsigned int matchsize,
                     unsigned int hook_mask)
 {
        struct xt_rateinfo *r = matchinfo;
 
-       if (matchsize != XT_ALIGN(sizeof(struct xt_rateinfo)))
-               return 0;
-
        /* Check for overflow. */
        if (r->burst == 0
            || user2credits(r->avg * r->burst) < user2credits(r->avg)) {
@@ -140,12 +139,14 @@ ipt_limit_checkentry(const char *tablename,
 static struct xt_match ipt_limit_reg = {
        .name           = "limit",
        .match          = ipt_limit_match,
+       .matchsize      = sizeof(struct xt_rateinfo),
        .checkentry     = ipt_limit_checkentry,
        .me             = THIS_MODULE,
 };
 static struct xt_match limit6_reg = {
        .name           = "limit",
        .match          = ipt_limit_match,
+       .matchsize      = sizeof(struct xt_rateinfo),
        .checkentry     = ipt_limit_checkentry,
        .me             = THIS_MODULE,
 };