xt_TARPIT (was: ipt_account / iptables 1.3.8)

Jan Engelhardt jengelh at computergmbh.de
Mon Jul 9 16:58:39 CEST 2007

On Jul 9 2007 16:15, Patrick McHardy wrote:
>>>No, I couldn't come up with a good way to remove the xrlim abuse yet.

If you ask me, just remove the xrlim call, and replace it by
some sort of 'last' timestamp, e.g.

time_t last;

static int target()
	if (!otcph->syn && otcph->ack)
		if (!(last <= now() + 5))
			return; /* rate limit */
	last = now();

As far as I can see, that xrlim call is there for at least one case:

tarpit sends ACKs with window=0, but client ignores the RFC-given delay for
window=0 packets.


More information about the netfilter-devel mailing list