support for srcip-* hashmodes added
authorHarald Welte <laforge@gnumonks.org>
Thu, 20 Nov 2003 10:47:57 +0000 (10:47 +0000)
committerHarald Welte <laforge@gnumonks.org>
Thu, 20 Nov 2003 10:47:57 +0000 (10:47 +0000)
extensions/libipt_dstlimit.c

index 7d8cb9cced2f7e6662dd886cdfa693c3c56864c6..fe204d5d893212460a522f34691ae71c03b6b30d 100644 (file)
@@ -22,7 +22,7 @@
 
 /* miliseconds */
 #define IPT_DSTLIMIT_GCINTERVAL        1000
-#define IPT_DSTLIMIT_EXPIRE    10
+#define IPT_DSTLIMIT_EXPIRE    10000
 
 /* Function which prints out usage message. */
 static void
@@ -33,7 +33,11 @@ help(void)
 "--dstlimit <avg>              max average match rate\n"
 "                                [Packets per second unless followed by \n"
 "                                /sec /minute /hour /day postfixes]\n"
-"--dstlimit-mode <mode>                mode (destip|destip-destport)\n"
+"--dstlimit-mode <mode>                mode\n"
+"                                      dstip\n"
+"                                      dstip-destport\n"
+"                                      srcip-dstip\n"
+"                                      srcip-dstip-destport\n"
 "--dstlimit-name <name>                name for /proc/net/ipt_dstlimit/\n"
 "[--dstlimit-burst <num>]      number to match in a burst, default %u\n"
 "[--dstlimit-htable-size <num>]        number of hashtable buckets\n"
@@ -196,10 +200,14 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                if (check_inverse(optarg, &invert, NULL, 0))
                        exit_error(PARAMETER_PROBLEM, "Unexpected `!' after "
                                        "--dstlimit-mode");
-               if (!strcmp(optarg, "destip"))
-                       r->mode = IPT_DSTLIMIT_MODE_DIP;
-               else if (!strcmp(optarg, "destip-destport"))
-                       r->mode = IPT_DSTLIMIT_MODE_DIP_DPT;
+               if (!strcmp(optarg, "dstip"))
+                       r->mode = IPT_DSTLIMIT_HASH_DIP;
+               else if (!strcmp(optarg, "dstip-destport"))
+                       r->mode = IPT_DSTLIMIT_HASH_DIP|IPT_DSTLIMIT_HASH_DPT;
+               else if (!strcmp(optarg, "srcip-dstip"))
+                       r->mode = IPT_DSTLIMIT_HASH_SIP|IPT_DSTLIMIT_HASH_DIP;
+               else if (!strcmp(optarg, "srcip-dstip-destport"))
+                       r->mode = IPT_DSTLIMIT_HASH_SIP|IPT_DSTLIMIT_HASH_DIP|IPT_DSTLIMIT_HASH_DPT;
                else
                        exit_error(PARAMETER_PROBLEM, 
                                "bad --dstlimit-mode: `%s'\n", optarg);
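Review bot: The mode names accepted by this `strcmp` chain do not match what the print() and save() hunks emit: it compares against `dstip-destport` and `srcip-dstip-destport`, while save() writes `dstip-dstport` and `srcip-dstip-dstport`. A saved rule fed back through this parser would therefore reach the `bad --dstlimit-mode` error. Pick one spelling and use it in help(), parse(), print() and save(), for example `else if (!strcmp(optarg, "dstip-dstport"))`. The old `destip` and `destip-destport` names are also dropped without an alias, so existing rule scripts would stop loading and the rate limit they install would be missing until someone notices; accepting the old names as synonyms avoids that. parse() begins and continues outside this hunk.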
@@ -226,7 +234,7 @@ static void final_check(unsigned int flags)
 {
        if (!(flags & PARAM_LIMIT))
                exit_error(PARAMETER_PROBLEM,
-                               "You have to specify --dstlimit-rate");
+                               "You have to specify --dstlimit");
        if (!(flags & PARAM_MODE))
                exit_error(PARAMETER_PROBLEM,
                                "You have to specify --dstlimit-mode");
@@ -268,12 +276,18 @@ print(const struct ipt_ip *ip,
        printf("limit: avg "); print_rate(r->avg);
        printf("burst %u ", r->burst);
        switch (r->mode) {
-               case IPT_DSTLIMIT_MODE_DIP:
+               case (IPT_DSTLIMIT_HASH_DIP):
                        printf("mode dstip ");
                        break;
-               case IPT_DSTLIMIT_MODE_DIP_DPT:
+               case (IPT_DSTLIMIT_HASH_DIP|IPT_DSTLIMIT_HASH_DPT):
                        printf("mode dstip-dstport ");
                        break;
+               case (IPT_DSTLIMIT_HASH_SIP|IPT_DSTLIMIT_HASH_DIP):
+                       printf("mode srcip-dstip ");
+                       break;
+               case (IPT_DSTLIMIT_HASH_SIP|IPT_DSTLIMIT_HASH_DIP|IPT_DSTLIMIT_HASH_DPT):
+                       printf("mode srcip-dstip-dstport ");
+                       break;
        }
        printf("htable-size %u ", r->size);
        printf("htable-max %u ", r->max);
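Review bot: The `switch (r->mode)` has no `default`, so any bit combination other than the four listed (source-IP only, for instance, now that the mode is a bitmask) prints no mode text and the listing silently misrepresents the rule. Adding `default: printf("mode 0x%x ", (unsigned int)r->mode); break;` keeps an unexpected value visible to whoever audits the rule set. The cast assumes `mode` is an integer field, since its declaration is not visible in this diff. The switch in the save() hunk has the same gap, and there it would leave the mode argument out of the saved rule altogether. print() begins and continues outside this hunk.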
@@ -291,12 +305,18 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        if (r->burst != IPT_DSTLIMIT_BURST)
                printf("--limit-burst %u ", r->burst);
        switch (r->mode) {
-               case IPT_DSTLIMIT_MODE_DIP:
+               case (IPT_DSTLIMIT_HASH_DIP):
                        printf("--mode dstip ");
                        break;
-               case IPT_DSTLIMIT_MODE_DIP_DPT:
+               case (IPT_DSTLIMIT_HASH_DIP|IPT_DSTLIMIT_HASH_DPT):
                        printf("--mode dstip-dstport ");
                        break;
+               case (IPT_DSTLIMIT_HASH_SIP|IPT_DSTLIMIT_HASH_DIP):
+                       printf("--mode srcip-dstip ");
+                       break;
+               case (IPT_DSTLIMIT_HASH_SIP|IPT_DSTLIMIT_HASH_DIP|IPT_DSTLIMIT_HASH_DPT):
+                       printf("--mode srcip-dstip-dstport ");
+                       break;
        }
        printf("--htable-size %u ", r->size);
        printf("--htable-max %u ", r->max);
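Review bot: The added cases write the option as `--mode ...`, while help() in this same commit documents it as `--dstlimit-mode` and the parse() error messages use that name too. The option table is not visible in these hunks, so this is inferred, but it looks as though saved output would not be accepted when restored. The new lines should probably read `printf("--dstlimit-mode srcip-dstip ");` and `printf("--dstlimit-mode srcip-dstip-dstport ");`, with the two existing cases changed to match. The neighbouring context lines `--limit-burst`, `--htable-size` and `--htable-max` appear to differ from the documented `--dstlimit-*` names in the same way and deserve a check while this function is being touched. save() begins and continues outside this hunk.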