summaryrefslogtreecommitdiffstats
path: root/include/internal/object.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/internal/object.h')
-rw-r--r--include/internal/object.h14
1 files changed, 10 insertions, 4 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 8213f4a..53f942d 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -171,9 +171,13 @@ struct nfct_filter {
enum nfct_filter_logic logic[NFCT_FILTER_MAX];
/*
- * This the layer 4 protocol map for filtering.
+ * This the layer 4 protocol map for filtering. Not more than
+ * 255 protocols (maximum is IPPROTO_MAX which is 256). Actually,
+ * I doubt that anyone can reach such a limit.
*/
+#define __FILTER_L4PROTO_MAX 255
u_int32_t l4proto_map[IPPROTO_MAX/32];
+ u_int32_t l4proto_len;
struct {
/*
@@ -183,19 +187,21 @@ struct nfct_filter {
*/
#define __FILTER_PROTO_MAX 16
u_int16_t map;
+ u_int16_t len;
} l4proto_state[IPPROTO_MAX];
#define __FILTER_ADDR_SRC 0
#define __FILTER_ADDR_DST 1
/*
- * FIXME: For IPv4 filtering, up to 256 IPs or masks by now.
+ * FIXME: For IPv4 filtering, up to 127 IPs by now.
* This limitation is related to the existing autogenerated BSF code
- * and the fact that the maximum jump offset if 2^8 = 256.
+ * (two BSF lines per comparison) and the fact that the maximum
+ * jump offset is 0xff which is 255.
*/
u_int32_t l3proto_elems[2];
struct {
-#define __FILTER_ADDR_MAX 256
+#define __FILTER_ADDR_MAX 127
u_int32_t addr;
u_int32_t mask;
} l3proto[2][__FILTER_ADDR_MAX];