From 4fce44c21c93fdc358917e6a9238f1de7601b295 Mon Sep 17 00:00:00 2001
From: Stephen Frost
Date: Mon, 4 Feb 2002 11:58:22 +0000
Subject: recent patch update by stephen frost
---
 extensions/libipt_recent.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)
diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c
index 8c4a1a33..48cc8140 100644
--- a/extensions/libipt_recent.c
+++ b/extensions/libipt_recent.c
@@ -24,6 +24,12 @@ help(void)
 " --hitcount hits For check and update commands above.\n"
 " Specifies that the match will only occur if source address seen hits times.\n"
 " May be used in conjunction with the seconds option.\n",
+" --rttl For check and update commands above.\n"
+" Specifies that the match will only occur if the source address and the TTL\n"
+" match between this packet and the one which was set.\n"
+" Useful if you have problems with people spoofing their source address in order\n"
+" to DoS you via this module.\n"
+" --name name Name of the recent list to be used. DEFAULT used if none given.\n",
 NETFILTER_VERSION);
 }
@@ -35,6 +41,8 @@ static struct option opts[] = {
 { "seconds", 1, 0, 204 },
 { "hitcount", 1, 0, 205 },
 { "remove",0, 0, 206 },
+ { "rttl",0, 0, 207},
+ { "name", 1, 0, 208},
 {0}
 };
@@ -55,6 +63,8 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 {
 struct ipt_recent_info *info = (struct ipt_recent_info *)(*match)->data;
+ info->name[0] = '\0';
+
 switch (c) {
 case 201:
 if (*flags) exit_error(PARAMETER_PROBLEM,
@@ -104,9 +114,20 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 info->hit_count = atoi(optarg);
 break;
+ case 207:
+ info->check_set |= IPT_RECENT_TTL;
+ break;
+
+ case 208:
+ strncpy(info->name,optarg,200);
+ break;
+
 default:
 return 0;
 }
+
+ if(!info->name[0]) strncpy(info->name,"DEFAULT",200);
+
 return 1;
 }
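Review bot: In the help() hunk the context line `" May be used in conjunction with the seconds option.\n",` still ends with a comma, so the six added string literals are not concatenated onto the format string; they form a separate printf argument placed ahead of `NETFILTER_VERSION`. If the format, which starts outside this hunk, has a single `%s` for the version, the new --rttl/--name text would be printed where the version belongs and the version argument ignored. Drop the comma from that context line so the new literals join the format string, leaving only the last added line ending in `\n",`.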
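Review bot: `info->name[0] = '\0';` is placed at the top of parse(), ahead of the `switch (c)`, so it runs on every call rather than once per rule. If parse() is called once per option, as the switch on the option code suggests, a `--name` given before any other option is cleared on the next call and then overwritten with `"DEFAULT"` by the line added at the end of the function (the -104 hunk), so rules meant to use separate lists would silently share the default one. The clearing also happens on the `default: return 0;` path, before the default name is reapplied. Initialise the field once outside parse(), for example in the extension's init callback (not visible in this patch), and keep only the `if(!info->name[0])` fallback. parse() starts and ends outside this hunk.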
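Review bot: `strncpy(info->name,optarg,200);` in case 208 leaves `info->name` without a terminating NUL when the argument is 200 characters or longer, and print() and save() later hand the field to `%s`. The bound 200 is a repeated literal rather than derived from the field, whose declaration is outside this patch; if it is an array, `sizeof(info->name)` keeps the limit tied to it. Rejecting an over-long name is safer than truncating it, because two long names with a common prefix would otherwise map to the same list: `if (strlen(optarg) >= sizeof(info->name)) exit_error(PARAMETER_PROBLEM, "recent: name too long");` before the copy. The same bound applies to the `"DEFAULT"` copy at the end of the function.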
@@ -135,8 +156,10 @@ print(const struct ipt_ip *ip,
 if(info->check_set & IPT_RECENT_CHECK) printf("CHECK ");
 if(info->check_set & IPT_RECENT_UPDATE) printf("UPDATE ");
 if(info->check_set & IPT_RECENT_REMOVE) printf("REMOVE ");
- if(info->seconds) printf("seconds: %d",info->seconds);
- if(info->hit_count) printf("hit_count: %d",info->hit_count);
+ if(info->seconds) printf("seconds: %d ",info->seconds);
+ if(info->hit_count) printf("hit_count: %d ",info->hit_count);
+ if(info->check_set & IPT_RECENT_TTL) printf("TTL-Match ");
+ if(info->name) printf("name: %s",info->name);
 }
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
@@ -152,8 +175,10 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 if(info->check_set & IPT_RECENT_CHECK) printf("CHECK ");
 if(info->check_set & IPT_RECENT_UPDATE) printf("UPDATE ");
 if(info->check_set & IPT_RECENT_REMOVE) printf("REMOVE ");
- if(info->seconds) printf("seconds: ");
- if(info->hit_count) printf("hit_count: ");
+ if(info->seconds) printf("seconds: %d ",info->seconds);
+ if(info->hit_count) printf("hit_count: %d ",info->hit_count);
+ if(info->check_set & IPT_RECENT_TTL) printf("TTL-Match ");
+ if(info->name) printf("name: %s",info->name);
 }
 static
--
cgit v1.2.3
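Review bot: `if(info->name) printf("name: %s",info->name);` in print() tests the address of the field rather than its contents. parse() indexes `info->name[0]`, so the field looks like an array member (its declaration is not in this patch), in which case the condition is always true and compilers will warn about it. Use `if(info->name[0])` here and in the identical line added to save() in the next hunk. print()'s body starts outside the hunk.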
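Review bot: The lines added to save() emit `seconds: %d `, `hit_count: %d `, `TTL-Match ` and `name: %s`, the same human-readable labels as print(), although the comment directly above save() says its output is in parsable form. Unless the restore path understands these labels, a saved rule would not reload with its seconds, hit count, TTL check or list name, so a restored ruleset could differ from the one that was saved. Writing the long options from the opts table is the likely intent, e.g. `printf("--seconds %d ",info->seconds);`, `printf("--rttl ");` and `printf("--name %s ",info->name);`. The unchanged `CHECK `/`UPDATE `/`REMOVE ` lines have the same problem, and save()'s body starts outside the hunk.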