From 20506e55b12ba22b761a1ad84dc8a47ce8c82f2e Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 25 Nov 2008 01:03:19 +0100 Subject: bsf: major rework of the BSF generation code This patch reworks the BSF automatic generation code. This feature needs more love and it has several limitations like that the maximum number of IPs are 127 due to BSF code restrictions. See this patch as a first step forward. This patch also adds the stack data type, which is used to resolve jump dynamically instead of the previous static approach. This patch also includes fixes in the limitations, previous calculations were wrong. Signed-off-by: Pablo Neira Ayuso --- src/conntrack/api.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/conntrack/api.c') diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 6dae83f..141aa9d 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -1009,8 +1009,8 @@ void nfct_filter_destroy(struct nfct_filter *filter) * @type: filter attribute type * @value: pointer to the value of the filter attribute * - * Limitations: You can add up to 256 IPv4 addresses and masks for - * NFCT_FILTER_SRC_IPV4 and, similarly, 256 for NFCT_FILTER_DST_IPV4. + * Limitations: You can add up to 127 IPv4 addresses and masks for + * NFCT_FILTER_SRC_IPV4 and, similarly, 127 for NFCT_FILTER_DST_IPV4. */ void nfct_filter_add_attr(struct nfct_filter *filter, const enum nfct_filter_attr type, @@ -1033,6 +1033,8 @@ void nfct_filter_add_attr(struct nfct_filter *filter, * @filter: filter object that we want to modify * @type: filter attribute type * @value: value of the filter attribute using unsigned int (32 bits). + * + * Limitations: You can add up to 255 protocols which is a reasonable limit. */ void nfct_filter_add_attr_u32(struct nfct_filter *filter, const enum nfct_filter_attr type, -- cgit v1.2.3