2009 Jun 07
[Bug 597] New: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix)
...To: laforge at netfilter.org
ReportedBy: kd6lvw at yahoo.com
(e.g.) -m connlimit --connlimit-above 1 --connlimit-mask 48
Any mask size >32 will be set as 32 for ip6tables. However, IPv6 addresses
have 128 bits.
iptables-1.4.3.2/extensions/libxt_connlimit.c (lines 26-30):
static void connlimit_init(struct xt_entry_match *match)
{
	struct xt_connlimit_info *info = (void *)match->data;
	info->v4_mask = 0xFFFFFFFFUL;
}
As "v4_mask" and "v6_mask[4]" are unioned, we're only initializing the most
significant 32 bits of the "v6_mask", but leavin...