netfilter: xt_recent: add address masking option

The mask option allows you put all address belonging that mask into the same recent slot. This can be useful in case that recent is used to detect attacks from the same network segment. Tested for backward compatibility. Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Denys Fedoryshchenko <denys@visp.net.lb> 2012-05-17 20:08:57 (GMT)
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-06-07 12:58:42 (GMT)
commit: efdedd5426a94b00d23483a1bcb4af3a91c894db (patch)
tree: fdcf05bb970caa499a8dc86c058a167d8eb098b3 /include/linux/netfilter.h
parent: 1da6dd07989869fa4f8ec1f47d610d12f96eb04d (diff)
download: linux-fsl-qoriq-efdedd5426a94b00d23483a1bcb4af3a91c894db.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index ff9c84c..4541f33 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -94,6 +94,16 @@ static inline int nf_inet_addr_cmp(const union nf_inet_addr *a1,
 	       a1->all[3] == a2->all[3];
 }
 
+static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
+				     union nf_inet_addr *result,
+				     const union nf_inet_addr *mask)
+{
+	result->all[0] = a1->all[0] & mask->all[0];
+	result->all[1] = a1->all[1] & mask->all[1];
+	result->all[2] = a1->all[2] & mask->all[2];
+	result->all[3] = a1->all[3] & mask->all[3];
+}
+
 extern void netfilter_init(void);
 
 /* Largest hook number + 1 */
author	Denys Fedoryshchenko <denys@visp.net.lb>	2012-05-17 20:08:57 (GMT)
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-06-07 12:58:42 (GMT)
commit	efdedd5426a94b00d23483a1bcb4af3a91c894db (patch)
tree	fdcf05bb970caa499a8dc86c058a167d8eb098b3 /include/linux/netfilter.h
parent	1da6dd07989869fa4f8ec1f47d610d12f96eb04d (diff)
download	linux-fsl-qoriq-efdedd5426a94b00d23483a1bcb4af3a91c894db.tar.xz