libxt_recent: Add support for --reap option

author Tim Gardner <tim.gardner@canonical.com>

Wed, 30 Nov 2011 15:16:53 +0000 (08:16 -0700)

committer Jan Engelhardt <jengelh@medozas.de>

Fri, 9 Dec 2011 04:11:45 +0000 (05:11 +0100)
author Tim Gardner <tim.gardner@canonical.com>
Wed, 30 Nov 2011 15:16:53 +0000 (08:16 -0700)
committer Jan Engelhardt <jengelh@medozas.de>
Fri, 9 Dec 2011 04:11:45 +0000 (05:11 +0100)
diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c

index 1e1a111f11fb496f2721e24b375099b6d228cf89..c7dce4e7226dae738688f6dc2934254279d2a158 100644 (file)
--- a/extensions/libxt_recent.c
+++ b/extensions/libxt_recent.c
@@ -10,6 +10,7 @@ enum {
         O_UPDATE,
         O_REMOVE,
         O_SECONDS,
+       O_REAP,
         O_HITCOUNT,
         O_RTTL,
         O_NAME,
@@ -19,6 +20,7 @@ enum {
         F_RCHECK = 1 << O_RCHECK,
         F_UPDATE = 1 << O_UPDATE,
         F_REMOVE = 1 << O_REMOVE,
+       F_SECONDS = 1 << O_SECONDS,
         F_ANY_OP = F_SET | F_RCHECK | F_UPDATE | F_REMOVE,
  };
  
@@ -33,7 +35,9 @@ static const struct xt_option_entry recent_opts[] = {
         {.name = "remove", .id = O_REMOVE, .type = XTTYPE_NONE,
          .excl = F_ANY_OP, .flags = XTOPT_INVERT},
         {.name = "seconds", .id = O_SECONDS, .type = XTTYPE_UINT32,
-        .flags = XTOPT_PUT, XTOPT_POINTER(s, seconds)},
+        .flags = XTOPT_PUT, XTOPT_POINTER(s, seconds), .min = 1},
+       {.name = "reap", .id = O_REAP, .type = XTTYPE_NONE,
+        .also = F_SECONDS },
         {.name = "hitcount", .id = O_HITCOUNT, .type = XTTYPE_UINT32,
          .flags = XTOPT_PUT, XTOPT_POINTER(s, hit_count)},
         {.name = "rttl", .id = O_RTTL, .type = XTTYPE_NONE,
@@ -57,6 +61,8 @@ static void recent_help(void)
  "    --seconds seconds           For check and update commands above.\n"
  "                                Specifies that the match will only occur if source address last seen within\n"
  "                                the last 'seconds' seconds.\n"
+"    --reap                      Purge entries older then 'seconds'.\n"
+"                                Can only be used in conjunction with the seconds option.\n"
  "    --hitcount hits             For check and update commands above.\n"
  "                                Specifies that the match will only occur if source address seen hits times.\n"
  "                                May be used in conjunction with the seconds option.\n"
@@ -117,11 +123,16 @@ static void recent_parse(struct xt_option_call *cb)
         case O_RDEST:
                 info->side = XT_RECENT_DEST;
                 break;
+       case O_REAP:
+               info->check_set |= XT_RECENT_REAP;
+               break;
         }
  }
  
  static void recent_check(struct xt_fcheck_call *cb)
  {
+       struct xt_recent_mtinfo *info = cb->data;
+
         if (!(cb->xflags & F_ANY_OP))
                 xtables_error(PARAMETER_PROBLEM,
                         "recent: you must specify one of `--set', `--rcheck' "
@@ -146,6 +157,8 @@ static void recent_print(const void *ip, const struct xt_entry_match *match,
         if (info->check_set & XT_RECENT_REMOVE)
                 printf(" REMOVE");
         if(info->seconds) printf(" seconds: %d", info->seconds);
+       if (info->check_set & XT_RECENT_REAP)
+               printf(" reap");
         if(info->hit_count) printf(" hit_count: %d", info->hit_count);
         if (info->check_set & XT_RECENT_TTL)
                 printf(" TTL-Match");
@@ -172,6 +185,8 @@ static void recent_save(const void *ip, const struct xt_entry_match *match)
         if (info->check_set & XT_RECENT_REMOVE)
                 printf(" --remove");
         if(info->seconds) printf(" --seconds %d", info->seconds);
+       if (info->check_set & XT_RECENT_REAP)
+               printf(" --reap");
         if(info->hit_count) printf(" --hitcount %d", info->hit_count);
         if (info->check_set & XT_RECENT_TTL)
                 printf(" --rttl");
diff --git a/extensions/libxt_recent.man b/extensions/libxt_recent.man

index 0392c2cac9c011cb4af58bb5441b6062f900a09e..8043df4a104a2932bfc2d42cbc0d50704398ce6c 100644 (file)
--- a/extensions/libxt_recent.man
+++ b/extensions/libxt_recent.man
@@ -41,6 +41,11 @@ This option must be used in conjunction with one of \fB\-\-rcheck\fP or
  \fB\-\-update\fP. When used, this will narrow the match to only happen when the
  address is in the list and was seen within the last given number of seconds.
  .TP
+\fB\-\-reap\fP
+This option can only be used in conjunction with \fB\-\-seconds\fP.
+When used, this will cause entries older than the last given number of seconds
+to be purged.
+.TP
  \fB\-\-hitcount\fP \fIhits\fP
  This option must be used in conjunction with one of \fB\-\-rcheck\fP or
  \fB\-\-update\fP. When used, this will narrow the match to only happen when the
author	Tim Gardner <tim.gardner@canonical.com>
	Wed, 30 Nov 2011 15:16:53 +0000 (08:16 -0700)
committer	Jan Engelhardt <jengelh@medozas.de>
	Fri, 9 Dec 2011 04:11:45 +0000 (05:11 +0100)
extensions/libxt_recent.c		patch \| blob \| blame \| history
extensions/libxt_recent.man		patch \| blob \| blame \| history