git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Sat, 9 Dec 2017 20:01:08 +0000 (21:01 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 8 Jan 2018 17:01:22 +0000 (18:01 +0100)
commit	3400d4a745891a311fbd8d4f0acfe36b600dfbd5
tree	e67a0e7ac8ae1e482aa0af0f5363a74a37011228	tree \| snapshot
parent	3253d301c98447de200b4c792dabf6c1f170aff4	commit \| diff

netfilter: connlimit: split xt_connlimit into front and backend

This allows to reuse xt_connlimit infrastructure from nf_tables.
The upcoming nf_tables frontend can just pass in an nftables register
as input key, this allows limiting by any nft-supported key, including
concatenations.

For xt_connlimit, pass in the zone and the ip/ipv6 address.

With help from Yi-Hung Wei.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_conntrack_count.h	[new file with mode: 0644]	blob
include/uapi/linux/netfilter/xt_connlimit.h		diff \| blob \| history
net/netfilter/Kconfig		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/nf_conncount.c	[new file with mode: 0644]	blob
net/netfilter/xt_connlimit.c		diff \| blob \| history