Commit a2acc543 authored by Taehee Yoo's avatar Taehee Yoo Committed by Pablo Neira Ayuso

netfilter: connlimit: merge root4 and root6.

The root4 variable is used only when connlimit extension module has been
stored by the iptables command. and the roo6 variable is used only when
connlimit extension module has been stored by the ip6tables command.
So the root4 and roo6 variable does not be used at the same time.
Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 549d2d41
...@@ -58,8 +58,7 @@ struct xt_connlimit_rb { ...@@ -58,8 +58,7 @@ struct xt_connlimit_rb {
static spinlock_t xt_connlimit_locks[CONNLIMIT_LOCK_SLOTS] __cacheline_aligned_in_smp; static spinlock_t xt_connlimit_locks[CONNLIMIT_LOCK_SLOTS] __cacheline_aligned_in_smp;
struct xt_connlimit_data { struct xt_connlimit_data {
struct rb_root climit_root4[CONNLIMIT_SLOTS]; struct rb_root climit_root[CONNLIMIT_SLOTS];
struct rb_root climit_root6[CONNLIMIT_SLOTS];
}; };
static u_int32_t connlimit_rnd __read_mostly; static u_int32_t connlimit_rnd __read_mostly;
...@@ -294,13 +293,11 @@ static int count_them(struct net *net, ...@@ -294,13 +293,11 @@ static int count_them(struct net *net,
int count; int count;
u32 hash; u32 hash;
if (family == NFPROTO_IPV6) { if (family == NFPROTO_IPV6)
hash = connlimit_iphash6(addr, mask); hash = connlimit_iphash6(addr, mask);
root = &data->climit_root6[hash]; else
} else {
hash = connlimit_iphash(addr->ip & mask->ip); hash = connlimit_iphash(addr->ip & mask->ip);
root = &data->climit_root4[hash]; root = &data->climit_root[hash];
}
spin_lock_bh(&xt_connlimit_locks[hash % CONNLIMIT_LOCK_SLOTS]); spin_lock_bh(&xt_connlimit_locks[hash % CONNLIMIT_LOCK_SLOTS]);
...@@ -379,10 +376,8 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par) ...@@ -379,10 +376,8 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par)
return -ENOMEM; return -ENOMEM;
} }
for (i = 0; i < ARRAY_SIZE(info->data->climit_root4); ++i) for (i = 0; i < ARRAY_SIZE(info->data->climit_root); ++i)
info->data->climit_root4[i] = RB_ROOT; info->data->climit_root[i] = RB_ROOT;
for (i = 0; i < ARRAY_SIZE(info->data->climit_root6); ++i)
info->data->climit_root6[i] = RB_ROOT;
return 0; return 0;
} }
...@@ -413,10 +408,8 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par) ...@@ -413,10 +408,8 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par)
nf_ct_netns_put(par->net, par->family); nf_ct_netns_put(par->net, par->family);
for (i = 0; i < ARRAY_SIZE(info->data->climit_root4); ++i) for (i = 0; i < ARRAY_SIZE(info->data->climit_root); ++i)
destroy_tree(&info->data->climit_root4[i]); destroy_tree(&info->data->climit_root[i]);
for (i = 0; i < ARRAY_SIZE(info->data->climit_root6); ++i)
destroy_tree(&info->data->climit_root6[i]);
kfree(info->data); kfree(info->data);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment