From 4e98e81ecdcc321d232edc42fac168d257e712ff Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 21 Jun 2011 17:00:45 +0200 Subject: libipt_LOG: fix ignoring all but last flags Signed-off-by: Jan Engelhardt --- extensions/libip6t_LOG.c | 10 +++++----- extensions/libipt_LOG.c | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) (limited to 'extensions') diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c index a419ec91..2b1ae289 100644 --- a/extensions/libip6t_LOG.c +++ b/extensions/libip6t_LOG.c @@ -87,19 +87,19 @@ static void LOG_parse(struct xt_option_call *cb) "Newlines not allowed in --log-prefix"); break; case O_LOG_TCPSEQ: - info->logflags = IP6T_LOG_TCPSEQ; + info->logflags |= IP6T_LOG_TCPSEQ; break; case O_LOG_TCPOPTS: - info->logflags = IP6T_LOG_TCPOPT; + info->logflags |= IP6T_LOG_TCPOPT; break; case O_LOG_IPOPTS: - info->logflags = IP6T_LOG_IPOPT; + info->logflags |= IP6T_LOG_IPOPT; break; case O_LOG_UID: - info->logflags = IP6T_LOG_UID; + info->logflags |= IP6T_LOG_UID; break; case O_LOG_MAC: - info->logflags = IP6T_LOG_MACDECODE; + info->logflags |= IP6T_LOG_MACDECODE; break; } } diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index b270bcf6..77f16d19 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -87,19 +87,19 @@ static void LOG_parse(struct xt_option_call *cb) "Newlines not allowed in --log-prefix"); break; case O_LOG_TCPSEQ: - info->logflags = IPT_LOG_TCPSEQ; + info->logflags |= IPT_LOG_TCPSEQ; break; case O_LOG_TCPOPTS: - info->logflags = IPT_LOG_TCPOPT; + info->logflags |= IPT_LOG_TCPOPT; break; case O_LOG_IPOPTS: - info->logflags = IPT_LOG_IPOPT; + info->logflags |= IPT_LOG_IPOPT; break; case O_LOG_UID: - info->logflags = IPT_LOG_UID; + info->logflags |= IPT_LOG_UID; break; case O_LOG_MAC: - info->logflags = IPT_LOG_MACDECODE; + info->logflags |= IPT_LOG_MACDECODE; break; } } -- cgit v1.2.3 From 68818f746bf9c68de04a75fbe756bf2c73e0fb32 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 21 Jun 2011 14:20:15 +0200 Subject: libxt_RATEEST: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libxt_RATEEST.c | 94 +++++++++++++++------------------------------- 1 file changed, 30 insertions(+), 64 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_RATEEST.c b/extensions/libxt_RATEEST.c index 6369e9e4..b928b339 100644 --- a/extensions/libxt_RATEEST.c +++ b/extensions/libxt_RATEEST.c @@ -1,9 +1,6 @@ -#include #include #include #include -#include -#include #include #include @@ -11,7 +8,6 @@ #include /* hack to pass raw values to final_check */ -static struct xt_rateest_target_info *RATEEST_info; static unsigned int interval; static unsigned int ewma_log; @@ -25,18 +21,23 @@ RATEEST_help(void) " --rateest-ewmalog value Rate measurement averaging time constant\n"); } -enum RATEEST_options { - RATEEST_OPT_NAME, - RATEEST_OPT_INTERVAL, - RATEEST_OPT_EWMALOG, +enum { + O_NAME = 0, + O_INTERVAL, + O_EWMALOG, }; -static const struct option RATEEST_opts[] = { - {.name = "rateest-name", .has_arg = true, .val = RATEEST_OPT_NAME}, - {.name = "rateest-interval", .has_arg = true, .val = RATEEST_OPT_INTERVAL}, - {.name = "rateest-ewmalog", .has_arg = true, .val = RATEEST_OPT_EWMALOG}, - XT_GETOPT_TABLEEND, +#define s struct xt_rateest_target_info +static const struct xt_option_entry RATEEST_opts[] = { + {.name = "rateest-name", .id = O_NAME, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, name)}, + {.name = "rateest-interval", .id = O_INTERVAL, .type = XTTYPE_STRING, + .flags = XTOPT_MAND}, + {.name = "rateest-ewmalog", .id = O_EWMALOG, .type = XTTYPE_STRING, + .flags = XTOPT_MAND}, + XTOPT_TABLEEND, }; +#undef s /* Copied from iproute */ #define TIME_UNITS_PER_SEC 1000000 @@ -82,63 +83,28 @@ RATEEST_print_time(unsigned int time) printf(" %uus", time); } -static int -RATEEST_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void RATEEST_parse(struct xt_option_call *cb) { - struct xt_rateest_target_info *info = (void *)(*target)->data; - - RATEEST_info = info; - - switch (c) { - case RATEEST_OPT_NAME: - if (*flags & (1 << c)) + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_INTERVAL: + if (RATEEST_get_time(&interval, cb->arg) < 0) xtables_error(PARAMETER_PROBLEM, - "RATEEST: can't specify --rateest-name twice"); - *flags |= 1 << c; - - strncpy(info->name, optarg, sizeof(info->name) - 1); + "RATEEST: bad interval value \"%s\"", + cb->arg); break; - - case RATEEST_OPT_INTERVAL: - if (*flags & (1 << c)) + case O_EWMALOG: + if (RATEEST_get_time(&ewma_log, cb->arg) < 0) xtables_error(PARAMETER_PROBLEM, - "RATEEST: can't specify --rateest-interval twice"); - *flags |= 1 << c; - - if (RATEEST_get_time(&interval, optarg) < 0) - xtables_error(PARAMETER_PROBLEM, - "RATEEST: bad interval value `%s'", optarg); - - break; - - case RATEEST_OPT_EWMALOG: - if (*flags & (1 << c)) - xtables_error(PARAMETER_PROBLEM, - "RATEEST: can't specify --rateest-ewmalog twice"); - *flags |= 1 << c; - - if (RATEEST_get_time(&ewma_log, optarg) < 0) - xtables_error(PARAMETER_PROBLEM, - "RATEEST: bad ewmalog value `%s'", optarg); - + "RATEEST: bad ewmalog value \"%s\"", + cb->arg); break; } - - return 1; } -static void -RATEEST_final_check(unsigned int flags) +static void RATEEST_final_check(struct xt_fcheck_call *cb) { - struct xt_rateest_target_info *info = RATEEST_info; - - if (!(flags & (1 << RATEEST_OPT_NAME))) - xtables_error(PARAMETER_PROBLEM, "RATEEST: no name specified"); - if (!(flags & (1 << RATEEST_OPT_INTERVAL))) - xtables_error(PARAMETER_PROBLEM, "RATEEST: no interval specified"); - if (!(flags & (1 << RATEEST_OPT_EWMALOG))) - xtables_error(PARAMETER_PROBLEM, "RATEEST: no ewmalog specified"); + struct xt_rateest_target_info *info = cb->data; for (info->interval = 0; info->interval <= 5; info->interval++) { if (interval <= (1 << info->interval) * (TIME_UNITS_PER_SEC / 4)) @@ -199,11 +165,11 @@ static struct xtables_target rateest_tg_reg = { .size = XT_ALIGN(sizeof(struct xt_rateest_target_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_rateest_target_info)), .help = RATEEST_help, - .parse = RATEEST_parse, - .final_check = RATEEST_final_check, + .x6_parse = RATEEST_parse, + .x6_fcheck = RATEEST_final_check, .print = RATEEST_print, .save = RATEEST_save, - .extra_opts = RATEEST_opts, + .x6_options = RATEEST_opts, }; void _init(void) -- cgit v1.2.3 From 4a96d2e2c9d8c43b58d9490cd1d2ae2d1b3e0bef Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 21 Jun 2011 09:54:31 +0200 Subject: libxt_rateest: abolish global variables Signed-off-by: Jan Engelhardt --- extensions/libxt_rateest.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c index 509b3e31..5f42a137 100644 --- a/extensions/libxt_rateest.c +++ b/extensions/libxt_rateest.c @@ -8,9 +8,6 @@ #include #include -/* Ugly hack to pass info to final_check function. We should fix the API */ -static struct xt_rateest_match_info *rateest_info; - static void rateest_help(void) { printf( @@ -115,8 +112,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, struct xt_rateest_match_info *info = (void *)(*match)->data; unsigned int val; - rateest_info = info; - switch (c) { case OPT_RATEEST1: xtables_check_inverse(optarg, &invert, &optind, 0, argv); @@ -302,10 +297,9 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, return 1; } -static void -rateest_final_check(unsigned int flags) +static void rateest_final_check(struct xt_fcheck_call *cb) { - struct xt_rateest_match_info *info = rateest_info; + struct xt_rateest_match_info *info = cb->data; if (info == NULL) xtables_error(PARAMETER_PROBLEM, "rateest match: " @@ -439,7 +433,7 @@ static struct xtables_match rateest_mt_reg = { .userspacesize = XT_ALIGN(offsetof(struct xt_rateest_match_info, est1)), .help = rateest_help, .parse = rateest_parse, - .final_check = rateest_final_check, + .x6_fcheck = rateest_final_check, .print = rateest_print, .save = rateest_save, .extra_opts = rateest_opts, -- cgit v1.2.3 From 12bc22a9d3e4ae4a3276dbae1cf3bd50ef5dbe9d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 21 Jun 2011 14:22:20 +0200 Subject: libxt_RATEEST: abolish global variables Signed-off-by: Jan Engelhardt --- extensions/libxt_RATEEST.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_RATEEST.c b/extensions/libxt_RATEEST.c index b928b339..62bcb5e8 100644 --- a/extensions/libxt_RATEEST.c +++ b/extensions/libxt_RATEEST.c @@ -7,9 +7,10 @@ #include #include -/* hack to pass raw values to final_check */ -static unsigned int interval; -static unsigned int ewma_log; +struct rateest_tg_udata { + unsigned int interval; + unsigned int ewma_log; +}; static void RATEEST_help(void) @@ -85,16 +86,18 @@ RATEEST_print_time(unsigned int time) static void RATEEST_parse(struct xt_option_call *cb) { + struct rateest_tg_udata *udata = cb->udata; + xtables_option_parse(cb); switch (cb->entry->id) { case O_INTERVAL: - if (RATEEST_get_time(&interval, cb->arg) < 0) + if (RATEEST_get_time(&udata->interval, cb->arg) < 0) xtables_error(PARAMETER_PROBLEM, "RATEEST: bad interval value \"%s\"", cb->arg); break; case O_EWMALOG: - if (RATEEST_get_time(&ewma_log, cb->arg) < 0) + if (RATEEST_get_time(&udata->ewma_log, cb->arg) < 0) xtables_error(PARAMETER_PROBLEM, "RATEEST: bad ewmalog value \"%s\"", cb->arg); @@ -105,9 +108,10 @@ static void RATEEST_parse(struct xt_option_call *cb) static void RATEEST_final_check(struct xt_fcheck_call *cb) { struct xt_rateest_target_info *info = cb->data; + struct rateest_tg_udata *udata = cb->udata; for (info->interval = 0; info->interval <= 5; info->interval++) { - if (interval <= (1 << info->interval) * (TIME_UNITS_PER_SEC / 4)) + if (udata->interval <= (1 << info->interval) * (TIME_UNITS_PER_SEC / 4)) break; } @@ -118,7 +122,7 @@ static void RATEEST_final_check(struct xt_fcheck_call *cb) for (info->ewma_log = 1; info->ewma_log < 32; info->ewma_log++) { double w = 1.0 - 1.0 / (1 << info->ewma_log); - if (interval / (-log(w)) > ewma_log) + if (udata->interval / (-log(w)) > udata->ewma_log) break; } info->ewma_log--; @@ -170,6 +174,7 @@ static struct xtables_target rateest_tg_reg = { .print = RATEEST_print, .save = RATEEST_save, .x6_options = RATEEST_opts, + .udata_size = sizeof(struct rateest_tg_udata), }; void _init(void) -- cgit v1.2.3 From 017e7b7e1cf4fb63208e46592d06cc030f6d552d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 22 Jun 2011 10:15:07 +0200 Subject: libip6t_HL: fix option names from ttl -> hl Signed-off-by: Jan Engelhardt --- extensions/libip6t_HL.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'extensions') diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c index 254b1914..52ca5d3e 100644 --- a/extensions/libip6t_HL.c +++ b/extensions/libip6t_HL.c @@ -20,12 +20,12 @@ enum { #define s struct ip6t_HL_info static const struct xt_option_entry HL_opts[] = { - {.name = "ttl-set", .type = XTTYPE_UINT8, .id = O_HL_SET, + {.name = "hl-set", .type = XTTYPE_UINT8, .id = O_HL_SET, .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)}, - {.name = "ttl-dec", .type = XTTYPE_UINT8, .id = O_HL_DEC, + {.name = "hl-dec", .type = XTTYPE_UINT8, .id = O_HL_DEC, .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit), .min = 1}, - {.name = "ttl-inc", .type = XTTYPE_UINT8, .id = O_HL_INC, + {.name = "hl-inc", .type = XTTYPE_UINT8, .id = O_HL_INC, .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit), .min = 1}, XTOPT_TABLEEND, -- cgit v1.2.3 From 70cb0a6d3e09f64f9a05870d694ac0160319de9a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 22 Jun 2011 11:15:34 +0200 Subject: libxt_state: fix regression about inversion of main option Signed-off-by: Jan Engelhardt --- extensions/libxt_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'extensions') diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c index 3fc747d8..eff444c8 100644 --- a/extensions/libxt_state.c +++ b/extensions/libxt_state.c @@ -23,7 +23,7 @@ state_help(void) static const struct xt_option_entry state_opts[] = { {.name = "state", .id = O_STATE, .type = XTTYPE_STRING, - .flags = XTOPT_MAND}, + .flags = XTOPT_MAND | XTOPT_INVERT}, XTOPT_TABLEEND, }; -- cgit v1.2.3 From 68146dad91611bd8d6d12c8ba27219130d99607b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 22 Jun 2011 11:18:19 +0200 Subject: libxt_hashlimit: use a more obvious expiry value by default Due to the previous default expiry of 10 sec, "--hashlimit 1/min" would allow matching up to 6/min if a properly timed. To do what the user expects, the minimum expiry must equal the selected time quantum however. Cc: Jan Rovner Signed-off-by: Jan Engelhardt --- extensions/libxt_hashlimit.c | 57 +++++++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 16 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c index e683f9ad..a838680c 100644 --- a/extensions/libxt_hashlimit.c +++ b/extensions/libxt_hashlimit.c @@ -25,6 +25,10 @@ #define XT_HASHLIMIT_GCINTERVAL 1000 #define XT_HASHLIMIT_EXPIRE 10000 +struct hashlimit_mt_udata { + uint32_t mult; +}; + static void hashlimit_help(void) { printf( @@ -56,8 +60,9 @@ enum { O_HTABLE_MAX, O_HTABLE_GCINT, O_HTABLE_EXPIRE, - F_UPTO = 1 << O_UPTO, - F_ABOVE = 1 << O_ABOVE, + F_UPTO = 1 << O_UPTO, + F_ABOVE = 1 << O_ABOVE, + F_HTABLE_EXPIRE = 1 << O_HTABLE_EXPIRE, }; static void hashlimit_mt_help(void) @@ -141,25 +146,25 @@ static const struct xt_option_entry hashlimit_mt_opts[] = { #undef s static -int parse_rate(const char *rate, uint32_t *val) +int parse_rate(const char *rate, uint32_t *val, struct hashlimit_mt_udata *ud) { const char *delim; uint32_t r; - uint32_t mult = 1; /* Seconds by default. */ + ud->mult = 1; /* Seconds by default. */ delim = strchr(rate, '/'); if (delim) { if (strlen(delim+1) == 0) return 0; if (strncasecmp(delim+1, "second", strlen(delim+1)) == 0) - mult = 1; + ud->mult = 1; else if (strncasecmp(delim+1, "minute", strlen(delim+1)) == 0) - mult = 60; + ud->mult = 60; else if (strncasecmp(delim+1, "hour", strlen(delim+1)) == 0) - mult = 60*60; + ud->mult = 60*60; else if (strncasecmp(delim+1, "day", strlen(delim+1)) == 0) - mult = 24*60*60; + ud->mult = 24*60*60; else return 0; } @@ -169,10 +174,10 @@ int parse_rate(const char *rate, uint32_t *val) /* This would get mapped to infinite (1/day is minimum they can specify, so we're ok at that end). */ - if (r / mult > XT_HASHLIMIT_SCALE) + if (r / ud->mult > XT_HASHLIMIT_SCALE) xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate); - *val = XT_HASHLIMIT_SCALE * mult / r; + *val = XT_HASHLIMIT_SCALE * ud->mult / r; return 1; } @@ -248,14 +253,14 @@ static void hashlimit_parse(struct xt_option_call *cb) case O_UPTO: if (cb->invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; - if (!parse_rate(cb->arg, &info->cfg.avg)) + if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata)) xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-upto", cb->arg); break; case O_ABOVE: if (!cb->invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; - if (!parse_rate(cb->arg, &info->cfg.avg)) + if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata)) xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-above", cb->arg); break; @@ -276,14 +281,14 @@ static void hashlimit_mt_parse(struct xt_option_call *cb) case O_UPTO: if (cb->invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; - if (!parse_rate(cb->arg, &info->cfg.avg)) + if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata)) xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-upto", cb->arg); break; case O_ABOVE: if (!cb->invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; - if (!parse_rate(cb->arg, &info->cfg.avg)) + if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata)) xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-above", cb->arg); break; @@ -303,9 +308,26 @@ static void hashlimit_mt_parse(struct xt_option_call *cb) static void hashlimit_check(struct xt_fcheck_call *cb) { + const struct hashlimit_mt_udata *udata = cb->udata; + struct xt_hashlimit_info *info = cb->data; + if (!(cb->xflags & (F_UPTO | F_ABOVE))) xtables_error(PARAMETER_PROBLEM, "You have to specify --hashlimit"); + if (!(cb->xflags & F_HTABLE_EXPIRE)) + info->cfg.expire = udata->mult; +} + +static void hashlimit_mt_check(struct xt_fcheck_call *cb) +{ + const struct hashlimit_mt_udata *udata = cb->udata; + struct xt_hashlimit_mtinfo1 *info = cb->data; + + if (!(cb->xflags & (F_UPTO | F_ABOVE))) + xtables_error(PARAMETER_PROBLEM, + "You have to specify --hashlimit"); + if (!(cb->xflags & F_HTABLE_EXPIRE)) + info->cfg.expire = udata->mult; } static const struct rates @@ -508,6 +530,7 @@ static struct xtables_match hashlimit_mt_reg[] = { .print = hashlimit_print, .save = hashlimit_save, .x6_options = hashlimit_mt_opts, + .udata_size = sizeof(struct hashlimit_mt_udata), }, { .version = XTABLES_VERSION, @@ -519,10 +542,11 @@ static struct xtables_match hashlimit_mt_reg[] = { .help = hashlimit_mt_help, .init = hashlimit_mt4_init, .x6_parse = hashlimit_mt_parse, - .x6_fcheck = hashlimit_check, + .x6_fcheck = hashlimit_mt_check, .print = hashlimit_mt4_print, .save = hashlimit_mt4_save, .x6_options = hashlimit_mt_opts, + .udata_size = sizeof(struct hashlimit_mt_udata), }, { .version = XTABLES_VERSION, @@ -534,10 +558,11 @@ static struct xtables_match hashlimit_mt_reg[] = { .help = hashlimit_mt_help, .init = hashlimit_mt6_init, .x6_parse = hashlimit_mt_parse, - .x6_fcheck = hashlimit_check, + .x6_fcheck = hashlimit_mt_check, .print = hashlimit_mt6_print, .save = hashlimit_mt6_save, .x6_options = hashlimit_mt_opts, + .udata_size = sizeof(struct hashlimit_mt_udata), }, }; -- cgit v1.2.3 From 622abc73b097e7e778b432e422fd3c1f035bcfd3 Mon Sep 17 00:00:00 2001 From: Massimo Maggi Date: Wed, 15 Jun 2011 02:52:00 +0200 Subject: libxt_RATEEST: fix userspacesize field I cannot delete a rule by matching it if the target of the rule is RATEEST. Copy-paste from terminal: # iptables -t mangle -A PREROUTING -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s # iptables -t mangle -D PREROUTING -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s iptables: No chain/target/match by that name. I saw in comments of the kernel code that the last part of the struct xt_rateest_target_info is used only by kernel: struct xt_rateest_target_info { char name[IFNAMSIZ]; __s8 interval; __u8 ewma_log; /* Used internally by the kernel */ struct xt_rateest *est __attribute__((aligned(8))); }; but in struct xtables_target, .size and .userspacesize are equal. Simply correcting this solved the problem. References: http://bugzilla.netfilter.org/show_bug.cgi?id=724 Signed-off-by: Jan Engelhardt --- extensions/libxt_RATEEST.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'extensions') diff --git a/extensions/libxt_RATEEST.c b/extensions/libxt_RATEEST.c index 62bcb5e8..acdefb90 100644 --- a/extensions/libxt_RATEEST.c +++ b/extensions/libxt_RATEEST.c @@ -167,7 +167,7 @@ static struct xtables_target rateest_tg_reg = { .name = "RATEEST", .version = XTABLES_VERSION, .size = XT_ALIGN(sizeof(struct xt_rateest_target_info)), - .userspacesize = XT_ALIGN(sizeof(struct xt_rateest_target_info)), + .userspacesize = offsetof(struct xt_rateest_target_info, est), .help = RATEEST_help, .x6_parse = RATEEST_parse, .x6_fcheck = RATEEST_final_check, -- cgit v1.2.3 From 447ddfbfb3ed16ad0059f4559334670e9b9806ec Mon Sep 17 00:00:00 2001 From: Jakub Zawadzki Date: Mon, 13 Jun 2011 13:54:33 +0200 Subject: doc: fix group range in libxt_NFLOG's man References: http://bugzilla.netfilter.org/show_bug.cgi?id=723 Signed-off-by: Jan Engelhardt --- extensions/libxt_NFLOG.man | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'extensions') diff --git a/extensions/libxt_NFLOG.man b/extensions/libxt_NFLOG.man index 66f0b973..1b6dbf16 100644 --- a/extensions/libxt_NFLOG.man +++ b/extensions/libxt_NFLOG.man @@ -9,7 +9,7 @@ may subscribe to the group to receive the packets. Like LOG, this is a non-terminating target, i.e. rule traversal continues at the next rule. .TP \fB\-\-nflog\-group\fP \fInlgroup\fP -The netlink group (1 \- 2^32\-1) to which packets are (only applicable for +The netlink group (0 - 2^16\-1) to which packets are (only applicable for nfnetlink_log). The default value is 0. .TP \fB\-\-nflog\-prefix\fP \fIprefix\fP -- cgit v1.2.3