Loading net/netfilter/xt_connlimit.c +8 −4 Original line number Original line Diff line number Diff line Loading @@ -185,11 +185,15 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par) int connections; int connections; ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo); if (ct != NULL) if (ct != NULL) { tuple_ptr = &ct->tuplehash[0].tuple; if (info->flags & XT_CONNLIMIT_DADDR) else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), tuple_ptr = &ct->tuplehash[IP_CT_DIR_REPLY].tuple; par->family, &tuple)) else tuple_ptr = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; } else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), par->family, &tuple)) { goto hotdrop; goto hotdrop; } if (par->family == NFPROTO_IPV6) { if (par->family == NFPROTO_IPV6) { const struct ipv6hdr *iph = ipv6_hdr(skb); const struct ipv6hdr *iph = ipv6_hdr(skb); Loading Loading
net/netfilter/xt_connlimit.c +8 −4 Original line number Original line Diff line number Diff line Loading @@ -185,11 +185,15 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par) int connections; int connections; ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo); if (ct != NULL) if (ct != NULL) { tuple_ptr = &ct->tuplehash[0].tuple; if (info->flags & XT_CONNLIMIT_DADDR) else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), tuple_ptr = &ct->tuplehash[IP_CT_DIR_REPLY].tuple; par->family, &tuple)) else tuple_ptr = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; } else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), par->family, &tuple)) { goto hotdrop; goto hotdrop; } if (par->family == NFPROTO_IPV6) { if (par->family == NFPROTO_IPV6) { const struct ipv6hdr *iph = ipv6_hdr(skb); const struct ipv6hdr *iph = ipv6_hdr(skb); Loading
