← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/iptables/oneiric

« back to all changes in this revision

Viewing changes to extensions/libxt_hashlimit.c

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge, Lorenzo De Liso, Jamie Strandboge
  • Date: 2010-11-12 15:58:40 UTC
  • mfrom: (5.1.8 upstream) (2.1.11 sid)
  • Revision ID: james.westby@ubuntu.com-20101112155840-jm07l9o9722h0bvm
Tags: 1.4.10-1ubuntu1
https://launchpad.net/bugs/671652
[ Lorenzo De Liso ]
* Merge from debian unstable (LP: #671652), remaining changes:
  - Don't fail to run iptables-save if iptables module isn't loaded.
  - Revert changes between 1.4.1.1-3 and 1.4.1.1-4, thus bringing back
    the howtos.
  - Added linuxdoc-tools to Build-Depends
  - Modified debian/iptables{,-dev}.install to match DM syntax
    (removed debian/tmp)
  - Added -fno-strict-aliasing -Werror switches to regular_CFLAGS
    for catching errors early
  - Removed unused TC_NUM_RULES() and TC_GET_RULE()
* debian/patches/03-compilation-error.patch: updated
* debian/patches/0600-makefile_jedi_handwaving.patch: updated
* Dropped changes:
  - debian/patches/0902-docs-version-reference.diff: modifies files inside
    the debian/ directory and hence is not needed

[ Jamie Strandboge ]
* debian/patches/9000-howtos.patch:
  - combine 0102-howtos.patch and 0103-sgml_errors.patch into this patch
    and apply after the Debian patches for easier maintenance
  - add DEP-3 comments
* debian/patches/9001-build-libipq_pic.la.patch:
  - Build libipq_pic.la with -fPIC
  - add DEP-3 comments
* debian/iptables-dev.install: install lib/*.la in usr/lib
* merge debian/patches/9002-xt_recent-reap.patch:
  - support for the xt_recent filter --reap switch (refreshed and updated)
  - add DEP-3 comments
* debian/patches/9003-compilation-error.patch:
  - renamed 03-compilation-error.patch as 9003-compilation-error.patch
  - apply after Debian patches for easier maintenance
  - add DEP-3 comments
* debian/iptables.doc-base.{nat|packet-filter}: update for 2.6
* Dropped changes:
  - Replaced ipt_DSCP.h by xpt_DSCP.h in ipt_ECN.h and ipt_echn.h (applied
    upstream)
  - 9001-build-libipq_pic.a.patch (using la instead)

Show diffs side-by-side

added added

removed removed

Lines of Context:
extensions/libxt_hashlimit.c
67
67
}
68
68
 
69
69
static const struct option hashlimit_opts[] = {
70
 
        { "hashlimit", 1, NULL, '%' },
71
 
        { "hashlimit-burst", 1, NULL, '$' },
72
 
        { "hashlimit-htable-size", 1, NULL, '&' },
73
 
        { "hashlimit-htable-max", 1, NULL, '*' },
74
 
        { "hashlimit-htable-gcinterval", 1, NULL, '(' },
75
 
        { "hashlimit-htable-expire", 1, NULL, ')' },
76
 
        { "hashlimit-mode", 1, NULL, '_' },
77
 
        { "hashlimit-name", 1, NULL, '"' },
78
 
        { .name = NULL }
 
70
        {.name = "hashlimit",                   .has_arg = true, .val = '%'},
 
71
        {.name = "hashlimit-burst",             .has_arg = true, .val = '$'},
 
72
        {.name = "hashlimit-htable-size",       .has_arg = true, .val = '&'},
 
73
        {.name = "hashlimit-htable-max",        .has_arg = true, .val = '*'},
 
74
        {.name = "hashlimit-htable-gcinterval", .has_arg = true, .val = '('},
 
75
        {.name = "hashlimit-htable-expire",     .has_arg = true, .val = ')'},
 
76
        {.name = "hashlimit-mode",              .has_arg = true, .val = '_'},
 
77
        {.name = "hashlimit-name",              .has_arg = true, .val = '"'},
 
78
        XT_GETOPT_TABLEEND,
79
79
};
80
80
 
81
81
static const struct option hashlimit_mt_opts[] = {
91
91
        {.name = "hashlimit-htable-expire",     .has_arg = true, .val = ')'},
92
92
        {.name = "hashlimit-mode",              .has_arg = true, .val = '_'},
93
93
        {.name = "hashlimit-name",              .has_arg = true, .val = '"'},
94
 
        {},
 
94
        XT_GETOPT_TABLEEND,
95
95
};
96
96
 
97
97
static
219
219
        case '%':
220
220
                xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit",
221
221
                          *flags & PARAM_LIMIT);
222
 
                if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 
222
                if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
223
223
                if (!parse_rate(optarg, &r->cfg.avg))
224
224
                        xtables_error(PARAMETER_PROBLEM,
225
225
                                   "bad rate `%s'", optarg);
229
229
        case '$':
230
230
                xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
231
231
                          *flags & PARAM_BURST);
232
 
                if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 
232
                if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
233
233
                if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
234
234
                        xtables_error(PARAMETER_PROBLEM,
235
235
                                   "bad --hashlimit-burst `%s'", optarg);
239
239
        case '&':
240
240
                xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
241
241
                          *flags & PARAM_SIZE);
242
 
                if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 
242
                if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
243
243
                if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
244
244
                        xtables_error(PARAMETER_PROBLEM,
245
245
                                "bad --hashlimit-htable-size: `%s'", optarg);
249
249
        case '*':
250
250
                xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
251
251
                          *flags & PARAM_MAX);
252
 
                if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 
252
                if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
253
253
                if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
254
254
                        xtables_error(PARAMETER_PROBLEM,
255
255
                                "bad --hashlimit-htable-max: `%s'", optarg);
260
260
                xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
261
261
                          "--hashlimit-htable-gcinterval",
262
262
                          *flags & PARAM_GCINTERVAL);
263
 
                if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 
263
                if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
264
264
                if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
265
265
                        xtables_error(PARAMETER_PROBLEM,
266
266
                                "bad --hashlimit-htable-gcinterval: `%s'", 
272
272
        case ')':
273
273
                xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
274
274
                          "--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
275
 
                if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 
275
                if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
276
276
                if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
277
277
                        xtables_error(PARAMETER_PROBLEM,
278
278
                                "bad --hashlimit-htable-expire: `%s'", optarg);
283
283
        case '_':
284
284
                xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
285
285
                          *flags & PARAM_MODE);
286
 
                if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 
286
                if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
287
287
                if (parse_mode(&r->cfg.mode, optarg) < 0)
288
288
                        xtables_error(PARAMETER_PROBLEM,
289
289
                                   "bad --hashlimit-mode: `%s'\n", optarg);
292
292
        case '"':
293
293
                xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
294
294
                          *flags & PARAM_NAME);
295
 
                if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
 
295
                if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
296
296
                if (strlen(optarg) == 0)
297
297
                        xtables_error(PARAMETER_PROBLEM, "Zero-length name?");
298
298
                strncpy(r->name, optarg, sizeof(r->name));
591
591
        const struct xt_hashlimit_info *r = (const void *)match->data;
592
592
 
593
593
        fputs("--hashlimit ", stdout); print_rate(r->cfg.avg);
594
 
        if (r->cfg.burst != XT_HASHLIMIT_BURST)
595
 
                printf("--hashlimit-burst %u ", r->cfg.burst);
 
594
        printf("--hashlimit-burst %u ", r->cfg.burst);
596
595
 
597
596
        fputs("--hashlimit-mode ", stdout);
598
597
        print_mode(r->cfg.mode, ',');
617
616
        else
618
617
                fputs("--hashlimit-upto ", stdout);
619
618
        print_rate(info->cfg.avg);
620
 
        if (info->cfg.burst != XT_HASHLIMIT_BURST)
621
 
                printf("--hashlimit-burst %u ", info->cfg.burst);
 
619
        printf("--hashlimit-burst %u ", info->cfg.burst);
622
620
 
623
621
        if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
624
622
            XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
659
657
        hashlimit_mt_save(info, 128);
660
658
}
661
659
 
662
 
static struct xtables_match hashlimit_match = {
663
 
        .family         = NFPROTO_IPV4,
664
 
        .name           = "hashlimit",
665
 
        .version        = XTABLES_VERSION,
666
 
        .revision       = 0,
667
 
        .size           = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
668
 
        .userspacesize  = offsetof(struct xt_hashlimit_info, hinfo),
669
 
        .help           = hashlimit_help,
670
 
        .init           = hashlimit_init,
671
 
        .parse          = hashlimit_parse,
672
 
        .final_check    = hashlimit_check,
673
 
        .print          = hashlimit_print,
674
 
        .save           = hashlimit_save,
675
 
        .extra_opts     = hashlimit_opts,
676
 
};
677
 
 
678
 
static struct xtables_match hashlimit_match6 = {
679
 
        .family         = NFPROTO_IPV6,
680
 
        .name           = "hashlimit",
681
 
        .version        = XTABLES_VERSION,
682
 
        .revision       = 0,
683
 
        .size           = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
684
 
        .userspacesize  = offsetof(struct xt_hashlimit_info, hinfo),
685
 
        .help           = hashlimit_help,
686
 
        .init           = hashlimit_init,
687
 
        .parse          = hashlimit_parse,
688
 
        .final_check    = hashlimit_check,
689
 
        .print          = hashlimit_print,
690
 
        .save           = hashlimit_save,
691
 
        .extra_opts     = hashlimit_opts,
692
 
};
693
 
 
694
 
static struct xtables_match hashlimit_mt_reg = {
695
 
        .version        = XTABLES_VERSION,
696
 
        .name           = "hashlimit",
697
 
        .revision       = 1,
698
 
        .family         = NFPROTO_IPV4,
699
 
        .size           = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
700
 
        .userspacesize  = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
701
 
        .help           = hashlimit_mt_help,
702
 
        .init           = hashlimit_mt4_init,
703
 
        .parse          = hashlimit_mt4_parse,
704
 
        .final_check    = hashlimit_mt_check,
705
 
        .print          = hashlimit_mt4_print,
706
 
        .save           = hashlimit_mt4_save,
707
 
        .extra_opts     = hashlimit_mt_opts,
708
 
};
709
 
 
710
 
static struct xtables_match hashlimit_mt6_reg = {
711
 
        .version        = XTABLES_VERSION,
712
 
        .name           = "hashlimit",
713
 
        .revision       = 1,
714
 
        .family         = NFPROTO_IPV6,
715
 
        .size           = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
716
 
        .userspacesize  = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
717
 
        .help           = hashlimit_mt_help,
718
 
        .init           = hashlimit_mt6_init,
719
 
        .parse          = hashlimit_mt6_parse,
720
 
        .final_check    = hashlimit_mt_check,
721
 
        .print          = hashlimit_mt6_print,
722
 
        .save           = hashlimit_mt6_save,
723
 
        .extra_opts     = hashlimit_mt_opts,
 
660
static struct xtables_match hashlimit_mt_reg[] = {
 
661
        {
 
662
                .family        = NFPROTO_UNSPEC,
 
663
                .name          = "hashlimit",
 
664
                .version       = XTABLES_VERSION,
 
665
                .revision      = 0,
 
666
                .size          = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
 
667
                .userspacesize = offsetof(struct xt_hashlimit_info, hinfo),
 
668
                .help          = hashlimit_help,
 
669
                .init          = hashlimit_init,
 
670
                .parse         = hashlimit_parse,
 
671
                .final_check   = hashlimit_check,
 
672
                .print         = hashlimit_print,
 
673
                .save          = hashlimit_save,
 
674
                .extra_opts    = hashlimit_opts,
 
675
        },
 
676
        {
 
677
                .version       = XTABLES_VERSION,
 
678
                .name          = "hashlimit",
 
679
                .revision      = 1,
 
680
                .family        = NFPROTO_IPV4,
 
681
                .size          = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
 
682
                .userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
 
683
                .help          = hashlimit_mt_help,
 
684
                .init          = hashlimit_mt4_init,
 
685
                .parse         = hashlimit_mt4_parse,
 
686
                .final_check   = hashlimit_mt_check,
 
687
                .print         = hashlimit_mt4_print,
 
688
                .save          = hashlimit_mt4_save,
 
689
                .extra_opts    = hashlimit_mt_opts,
 
690
        },
 
691
        {
 
692
                .version       = XTABLES_VERSION,
 
693
                .name          = "hashlimit",
 
694
                .revision      = 1,
 
695
                .family        = NFPROTO_IPV6,
 
696
                .size          = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
 
697
                .userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
 
698
                .help          = hashlimit_mt_help,
 
699
                .init          = hashlimit_mt6_init,
 
700
                .parse         = hashlimit_mt6_parse,
 
701
                .final_check   = hashlimit_mt_check,
 
702
                .print         = hashlimit_mt6_print,
 
703
                .save          = hashlimit_mt6_save,
 
704
                .extra_opts    = hashlimit_mt_opts,
 
705
        },
724
706
};
725
707
 
726
708
void _init(void)
727
709
{
728
 
        xtables_register_match(&hashlimit_match);
729
 
        xtables_register_match(&hashlimit_match6);
730
 
        xtables_register_match(&hashlimit_mt_reg);
731
 
        xtables_register_match(&hashlimit_mt6_reg);
 
710
        xtables_register_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));
732
711
}