netfilter: connlimit: split xt_connlimit into front and backend This allows to reuse xt_connlimit infrastructure from nf_tables. The upcoming nf_tables frontend can just pass in an nftables register as input key, this allows limiting by any nft-supported key, including concatenations. For xt_connlimit, pass in the zone and the ip/ipv6 address. With help from Yi-Hung Wei. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit: 625c556118f3c2fd28bb8ef6da18c53bd4037be4 [log] [tgz]
author: Florian Westphal <fw@strlen.de> Sat Dec 09 21:01:08 2017 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> Mon Jan 08 18:01:22 2018 +0100
tree: e67a0e7ac8ae1e482aa0af0f5363a74a37011228
parent: c2f9eafee9aaeedaad9eadbf47913f4681d723df [diff] [blame]
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index f78ed24..490a55e 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile

@@ -67,6 +67,8 @@
 # SYNPROXY
 obj-$(CONFIG_NETFILTER_SYNPROXY) += nf_synproxy_core.o
 
+obj-$(CONFIG_NETFILTER_CONNCOUNT) += nf_conncount.o
+
 # generic packet duplication from netdev family
 obj-$(CONFIG_NF_DUP_NETDEV)	+= nf_dup_netdev.o
commit	625c556118f3c2fd28bb8ef6da18c53bd4037be4	[log] [tgz]
author	Florian Westphal <fw@strlen.de>	Sat Dec 09 21:01:08 2017 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Mon Jan 08 18:01:22 2018 +0100
tree	e67a0e7ac8ae1e482aa0af0f5363a74a37011228
parent	c2f9eafee9aaeedaad9eadbf47913f4681d723df [diff] [blame]