[patch] ipt_recent
Amin Azez
azez at ufomechanic.net
Tue Mar 7 16:48:59 CET 2006
Patrick McHardy wrote:
> Amin Azez wrote:
>
>>This patch fixes the previously mentioned bug in ipt_recent and adds:
>>
>>--lt n # check less than n items in list
>>--gt n # checks more than n items in list
>>--eq n # check exactly n items in list
>>
>>Which can be prefixed with ! to invert.
>>
>>--- include/linux/netfilter_ipv4/ipt_recent.h.nolimit 2006-02-20 10:12:06.000000000 +0000
>>+++ include/linux/netfilter_ipv4/ipt_recent.h 2006-02-20 11:30:58.000000000 +0000
>>@@ -10,6 +10,11 @@
>> #define IPT_RECENT_REMOVE 8
>> #define IPT_RECENT_TTL 16
>>
>>+#define IPT_RECENT_INVERT 1
>>+#define IPT_RECENT_LT 2
>>+#define IPT_RECENT_GT 4
>>+#define IPT_RECENT_EQ (IPT_RECENT_LT | IPT_RECENT_GT)
>>+
>> #define IPT_RECENT_SOURCE 0
>> #define IPT_RECENT_DEST 1
>>
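Review bot: the new IPT_RECENT_INVERT, IPT_RECENT_LT and IPT_RECENT_GT values restart at 1, 2, 4 under the same IPT_RECENT_ prefix as the flags directly above them (IPT_RECENT_REMOVE 8, IPT_RECENT_TTL 16), and nothing in the header says they belong to a different field. A comment naming the member they apply to (check_count, added in the next hunk), or a distinct prefix such as IPT_RECENT_COUNT_, would keep them from being tested against the wrong member. IPT_RECENT_EQ defined as (IPT_RECENT_LT | IPT_RECENT_GT) also deserves a comment: a plain `check_count & IPT_RECENT_LT` test is true for EQ as well, so every comparison has to mask both bits and compare the result for equality.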
>>@@ -20,6 +25,8 @@
>> u_int32_t hit_count;
>> u_int8_t check_set;
>> u_int8_t invert;
>>+ u_int8_t check_count;
>>+ u_int32_t entry_count;
>> char name[IPT_RECENT_NAME_LEN];
>> u_int8_t side;
>> };
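Review bot: check_count and entry_count are inserted in the middle of the struct, ahead of name[] and side, so the offsets of both existing members and the overall struct size change for any userspace built against the old header. If the counters are needed, they should be carried in a way that leaves the existing layout untouched, and the header should state the ABI impact of any change here. The struct also already has an invert member, so it should be documented how IPT_RECENT_INVERT in check_count relates to it.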
>
>
> Sorry, we can't do that since it breaks userspace compatibility. But I'm
> really glad someone finally has the stomach to touch ipt_recent, I'll
> review your other patches now.
I've reworked that functionality significantly in a new patch to send
next week. I will see if I can find a way to make use of existing
structures to add the functionality.
I heard tell that ipt_recent needed a maintainer?
Sam