#include <iptables.h>
#include <linux/netfilter_ipv4/ipt_recent.h>
-/* need thos two to not fail compilation with old kernel, new userspace */
+/* Need these in order to not fail when compiling against an older kernel. */
#ifndef RECENT_NAME
#define RECENT_NAME "ipt_recent"
#endif /* RECENT_NAME */
+
#ifndef RECENT_VER
#define RECENT_VER "unknown"
#endif /* RECENT_VER */
+
#ifndef IPT_RECENT_NAME_LEN
-#define IPT_RECENT_NAME_LEN 200
+#define IPT_RECENT_NAME_LEN 200
#endif /* IPT_RECENT_NAME_LEN */
+/* Options for this module */
+static struct option opts[] = {
+ { .name = "set", .has_arg = 0, .flag = 0, .val = 201 },
+ { .name = "rcheck", .has_arg = 0, .flag = 0, .val = 202 },
+ { .name = "update", .has_arg = 0, .flag = 0, .val = 203 },
+ { .name = "seconds", .has_arg = 1, .flag = 0, .val = 204 },
+ { .name = "hitcount", .has_arg = 1, .flag = 0, .val = 205 },
+ { .name = "remove", .has_arg = 0, .flag = 0, .val = 206 },
+ { .name = "rttl", .has_arg = 0, .flag = 0, .val = 207 },
+ { .name = "name", .has_arg = 1, .flag = 0, .val = 208 },
+ { .name = "rsource", .has_arg = 0, .flag = 0, .val = 209 },
+ { .name = "rdest", .has_arg = 0, .flag = 0, .val = 210 },
+ { .name = 0, .has_arg = 0, .flag = 0, .val = 0 }
+};
+
/* Function which prints out usage message. */
static void
help(void)
" Useful if you have problems with people spoofing their source address in order\n"
" to DoS you via this module.\n"
" --name name Name of the recent list to be used. DEFAULT used if none given.\n"
-" --rsource Save the source address of each packet in the recent list table (default).\n"
-" --rdest Save the destination address of each packet in the recent list table.\n"
+" --rsource Match/Save the source address of each packet in the recent list table (default).\n"
+" --rdest Match/Save the destination address of each packet in the recent list table.\n"
RECENT_NAME " " RECENT_VER ": Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/\n"
,
IPTABLES_VERSION);
}
-static struct option opts[] = {
- { "set", 0, 0, 201 },
- { "rcheck", 0, 0, 202 },
- { "update", 0, 0, 203 },
- { "seconds", 1, 0, 204 },
- { "hitcount", 1, 0, 205 },
- { "remove",0, 0, 206 },
- { "rttl",0, 0, 207},
- { "name", 1, 0, 208},
- { "rsource", 0, 0, 209},
- { "rdest", 0, 0, 210},
- {0}
-};
-
/* Initialize the match. */
static void
init(struct ipt_entry_match *match, unsigned int *nfcache)
if(info->check_set & IPT_RECENT_REMOVE) printf("--remove ");
if(info->seconds) printf("--seconds %d ",info->seconds);
if(info->hit_count) printf("--hitcount %d ",info->hit_count);
- if(info->check_set & IPT_RECENT_TTL) printf("-rttl ");
+ if(info->check_set & IPT_RECENT_TTL) printf("--rttl ");
if(info->name) printf("--name %s ",info->name);
if(info->side == IPT_RECENT_SOURCE) printf("--rsource ");
if(info->side == IPT_RECENT_DEST) printf("--rdest ");
}
-static
-struct iptables_match recent
-= { NULL,
- "recent",
- IPTABLES_VERSION,
- IPT_ALIGN(sizeof(struct ipt_recent_info)),
- IPT_ALIGN(sizeof(struct ipt_recent_info)),
- &help,
- &init,
- &parse,
- &final_check,
- &print,
- &save,
- opts
+/* Structure for iptables to use to communicate with module */
+static struct iptables_match recent = {
+ .next = NULL,
+ .name = "recent",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(sizeof(struct ipt_recent_info)),
+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_recent_info)),
+ .help = &help,
+ .init = &init,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
};
void _init(void)
projects / thirdparty / iptables.git / commitdiff
