'recent' match update by Stephen Frost:

- Moved RECENT_NAME/RECENT_VER #define's to ipt_recent.h
- Added #define for IPT_RECENT_NAME_LEN instead of using constants directly
- Changed default packet count list length to 20 instead of 10
- Added option to define permissions for proc files created under
  /proc/net/ipt_recent
- Changed printfs to be unsigned for unsigned variables
- Added explicit NULL termination for table name
- Fixed TTL checking to deal with TTL decrementing in routing logic, should
  work across chains now.
- Side to check/set against is no longer per-table but per-rule, default src
- Created unsigned time_temp for time caluclations instead of using signed
  temp variables
- Fixed spinlock handling in checkentry to not vmalloc while holding a
  spinlock.
- Cleaned up memory free'ing routines to correctly free all memory on failure
- Fixed spinlock handling in destroy to not free while holding spinlock
- Added sanity check to hash table size, if an invalid size is given the
  default will be used instead and a warning generated.
- Fixed save() function in libipt_recent.c
- Cleaned up and shortened recent.patch.help

diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c
index 7c16d20dfc5bb4700fbd973d9e5c22fc70d2e015..e38fa319581f6799250584184d83264e28d7007b 100644 (file)
--- a/extensions/libipt_recent.c
+++ b/extensions/libipt_recent.c
@@ -32,6 +32,7 @@ help(void)
 "    --name name                 Name of the recent list to be used.  DEFAULT used if none given.\n"
 "    --rsource                   Save the source address of each packet in the recent list table (default).\n"
 "    --rdest                     Save the destination address of each packet in the recent list table.\n"
+RECENT_NAME " " RECENT_VER ": Stephen Frost <sfrost@snowman.net>.  http://snowman.net/projects/ipt_recent/\n"
 ,
 IPTABLES_VERSION);
 
@@ -59,7 +60,7 @@ init(struct ipt_entry_match *match, unsigned int *nfcache)
 
        *nfcache |= NFC_UNKNOWN;
 
-       strncpy(info->name,"DEFAULT",200);
+       strncpy(info->name,"DEFAULT",IPT_RECENT_NAME_LEN);
        info->side = IPT_RECENT_SOURCE;
 }
 
@@ -75,7 +76,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
        switch (c) {
                case 201:
                        if (*flags) exit_error(PARAMETER_PROBLEM,
-                                       "recent: only one of `--set', `--check' "
+                                       "recent: only one of `--set', `--rcheck' "
                                        "`--update' or `--remove' may be set");
                        check_inverse(optarg, &invert, &optind, 0);
                        info->check_set |= IPT_RECENT_SET;
@@ -85,7 +86,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                        
                case 202:
                        if (*flags) exit_error(PARAMETER_PROBLEM,
-                                       "recent: only one of `--set', `--check' "
+                                       "recent: only one of `--set', `--rcheck' "
                                        "`--update' or `--remove' may be set");
                        check_inverse(optarg, &invert, &optind, 0);
                        info->check_set |= IPT_RECENT_CHECK;
@@ -95,7 +96,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 
                case 203:
                        if (*flags) exit_error(PARAMETER_PROBLEM,
-                                       "recent: only one of `--set', `--check' "
+                                       "recent: only one of `--set', `--rcheck' "
                                        "`--update' or `--remove' may be set");
                        check_inverse(optarg, &invert, &optind, 0);
                        info->check_set |= IPT_RECENT_UPDATE;
@@ -105,7 +106,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 
                case 206:
                        if (*flags) exit_error(PARAMETER_PROBLEM,
-                                       "recent: only one of `--set', `--check' "
+                                       "recent: only one of `--set', `--rcheck' "
                                        "`--update' or `--remove' may be set");
                        check_inverse(optarg, &invert, &optind, 0);
                        info->check_set |= IPT_RECENT_REMOVE;
@@ -126,7 +127,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                        break;
 
                case 208:
-                       strncpy(info->name,optarg,200);
+                       strncpy(info->name,optarg,IPT_RECENT_NAME_LEN);
                        break;
 
                case 209:
@@ -151,7 +152,7 @@ final_check(unsigned int flags)
 
        if (!flags)
                exit_error(PARAMETER_PROBLEM,
-                       "recent: you must specify one of `--set', `--check' "
+                       "recent: you must specify one of `--set', `--rcheck' "
                        "`--update' or `--remove'");
 }
 
@@ -187,16 +188,16 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        if (info->invert) fputc('!', stdout);
 
        printf("recent: ");
-       if(info->check_set & IPT_RECENT_SET) printf("SET ");
-       if(info->check_set & IPT_RECENT_CHECK) printf("CHECK ");
-       if(info->check_set & IPT_RECENT_UPDATE) printf("UPDATE ");
-       if(info->check_set & IPT_RECENT_REMOVE) printf("REMOVE ");
-       if(info->seconds) printf("seconds: %d ",info->seconds);
-       if(info->hit_count) printf("hit_count: %d ",info->hit_count);
-       if(info->check_set & IPT_RECENT_TTL) printf("TTL-Match ");
-       if(info->name) printf("name: %s ",info->name);
-       if(info->side == IPT_RECENT_SOURCE) printf("side: source ");
-       if(info->side == IPT_RECENT_DEST) printf("side: dest");
+       if(info->check_set & IPT_RECENT_SET) printf("--set ");
+       if(info->check_set & IPT_RECENT_CHECK) printf("--rcheck ");
+       if(info->check_set & IPT_RECENT_UPDATE) printf("--update ");
+       if(info->check_set & IPT_RECENT_REMOVE) printf("--remove ");
+       if(info->seconds) printf("--seconds %d ",info->seconds);
+       if(info->hit_count) printf("--hitcount %d ",info->hit_count);
+       if(info->check_set & IPT_RECENT_TTL) printf("-rttl ");
+       if(info->name) printf("--name %s ",info->name);
+       if(info->side == IPT_RECENT_SOURCE) printf("--rsource ");
+       if(info->side == IPT_RECENT_DEST) printf("--rdest ");
 }
 
 static