* [PATCH] ipt_recent-0.2.2
@ 2002-07-01 11:27 Stephen Frost
2002-07-02 14:22 ` Harald Welte
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Frost @ 2002-07-01 11:27 UTC (permalink / raw)
To: Harald Welte, Netfilter Development Mailinglist
[-- Attachment #1.1: Type: text/plain, Size: 266 bytes --]
Harald,
Sending this again with hopes that it will get in before the next
official release. Just a small bugfix, thanks.
Changelog:
- If not SET and not found, return immediately instead of flipping the
hash entries first (in the event of a collision).
[-- Attachment #1.2: ipt_recent-0.2.2.patch --]
[-- Type: text/plain, Size: 2151 bytes --]
diff -uNr netfilter-old/userspace/patch-o-matic/extra/recent.patch netfilter/userspace/patch-o-matic/extra/recent.patch
--- netfilter-old/userspace/patch-o-matic/extra/recent.patch Fri Jun 21 09:49:01 2002
+++ netfilter/userspace/patch-o-matic/extra/recent.patch Fri Jun 21 10:10:13 2002
@@ -26,7 +26,7 @@
+#endif /*_IPT_RECENT_H*/
diff -uNr linux-2.4.18-clean/net/ipv4/netfilter/ipt_recent.c linux-2.4.18/net/ipv4/netfilter/ipt_recent.c
--- linux-2.4.18-clean/net/ipv4/netfilter/ipt_recent.c Wed Dec 31 19:00:00 1969
-+++ linux-2.4.18/net/ipv4/netfilter/ipt_recent.c Mon Jun 17 20:13:00 2002
++++ linux-2.4.18/net/ipv4/netfilter/ipt_recent.c Fri Jun 21 10:06:15 2002
@@ -0,0 +1,786 @@
+/* Kernel module to check if the source address has been seen recently. */
+#include <linux/module.h>
@@ -51,7 +51,7 @@
+static int debug = 0;
+
+#define RECENT_NAME "ipt_recent"
-+#define RECENT_VER "v0.2.1"
++#define RECENT_VER "v0.2.2"
+
+static char version[] =
+KERN_INFO RECENT_NAME " " RECENT_VER ": Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/\n";
@@ -394,6 +394,13 @@
+ hash_result = (hash_result + 1) % ip_list_hash_size;
+ }
+ }
++
++ if(hash_table[hash_result] == -1 && !(info->check_set & IPT_RECENT_SET)) {
++ /* IP not in list and not asked to SET */
++ spin_unlock_bh(&curr_table->list_lock);
++ return ans;
++ }
++
+ /* Check if we need to handle the collision, do not need to on REMOVE */
+ if(orig_hash_result != hash_result && !(info->check_set & IPT_RECENT_REMOVE)) {
+ if(debug) printk(KERN_INFO "ipt_recent: match(): Collision in hash table. (or: %d,hr: %d,oa: %u,ha: %u)\n",
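Review bot: the comment on the new early return (`/* IP not in list and not asked to SET */`) says what the test is, but not why it has to sit above the collision handling. The changelog gives the reason (a lookup-only miss was flipping the hash entries before returning). Putting that in the comment would keep someone from moving the check back under `if(hash_table[hash_result] == -1)` later. Minor style point on the same line: `if(` without a space differs from the usual kernel `if (`, though it matches the surrounding code.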
@@ -431,13 +438,6 @@
+ if(hash_table[hash_result] == -1) {
+ if(debug) printk(KERN_INFO "ipt_recent: match(): New table entry. (hr: %d,ha: %u)\n",
+ hash_result, addr);
-+
-+ /* New item, find place to put it */
-+ if(!(info->check_set & IPT_RECENT_SET)) {
-+ /* IP not in list and not asked to SET */
-+ spin_unlock_bh(&curr_table->list_lock);
-+ return ans;
-+ }
+
+ /* New item found and IPT_RECENT_SET, so we need to add it */
+ location = time_info[curr_table->time_pos].position;
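Review bot: with the `IPT_RECENT_SET` test removed from this branch, the insertion code after `/* New item found and IPT_RECENT_SET, so we need to add it */` is correct only because of the early return added in the -394 hunk; nothing in this block enforces it any more. Consider saying so in that comment, so that a later change to the early return does not let a rule without SET insert addresses into the table.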
* ipt_recent-0.2.1 [PATCH]
@ 2002-06-18 4:34 Stephen Frost
2002-06-21 17:17 ` Harald Welte
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Frost @ 2002-06-18 4:34 UTC (permalink / raw)
To: Netfilter Devel List
[-- Attachment #1.1: Type: text/plain, Size: 2118 bytes --]
Hey all,
Version 0.2.1 of my ipt_recent module has been up and running on my
production firewall for over a week now (8 days) and I've gotten
reports from other people that they're using the module and everything
is working. Since I haven't had any bug reports and everything has
been working fine for me I'm submitting this patch against the current
netfilter tree to bring ipt_recent up to the current version in the
CVS tree. Harald, as opportunity allows I'd appreciate having this
patch incorporated into the netfilter tree. Following is the
ChangeLog:
Big Changes:
- The module is now hash-based for lookups and a sorted list is
maintained for finding the oldest address in the list (which will be
replaced by the newest once the table is full).
- Multiple tables supported now
- /proc/net/ipt_recent is now a directory where each file is a table
- Source and Destination address matching ability, per table.
- A lot of printk's for debugging, if you turn it on.
- Finer grained locking; locks for a short time to locate the table to
perform the match on and then locks that table and unlocks the
overall lock; so, speed increase with multiple tables for SMP
systems, though I think you'd have to throw a lot at the system to
really notice..
- Changed basically everything to use vmalloc's instead of kmalloc;
mallocs of any kind are only done when the module is inserted or a
new table is created so there isn't any reason to use kmalloc.
Smaller Changes:
- Fixed argument processing
- Changed method used to clear out a table (echo "clear" > table now)
- Updated documentation for changes
- Increased default table size to 100 since table size affects
performance much, much, much less now.
- Cleaned up some of the formatting of the files
- Added versioning to the module
All in all I feel very comfortable with this module and look forward
to seeing the netfilter CVS version updated with all of the
improvements and the many bug fixes.
Any questions, comments, please feel free to contact me.
Thanks,
Stephen
[-- Attachment #1.2: ipt_recent-0.2.1.patch.gz --]
[-- Type: application/octet-stream, Size: 8796 bytes --]
* Re: ipt_recent-0.2.1 [PATCH]
2002-06-18 4:34 ipt_recent-0.2.1 [PATCH] Stephen Frost
@ 2002-06-21 17:17 ` Harald Welte
2002-06-21 18:26 ` [PATCH] ipt_recent-0.2.2 Stephen Frost
0 siblings, 1 reply; 3+ messages in thread
From: Harald Welte @ 2002-06-21 17:17 UTC (permalink / raw)
To: Stephen Frost; +Cc: Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 691 bytes --]
On Tue, Jun 18, 2002 at 12:34:39AM -0400, Stephen Frost wrote:
> Hey all,
>
> Version 0.2.1 of my ipt_recent module has been up and running on my
thanks. For future reference: please send patches as mime attachment,
uncompressed. this way i can read them in the mailer and don't need to save,
unzip them before.
> Thanks,
> Stephen
--
Live long and prosper
- Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
* [PATCH] ipt_recent-0.2.2
2002-06-21 17:17 ` Harald Welte
@ 2002-06-21 18:26 ` Stephen Frost
0 siblings, 0 replies; 3+ messages in thread
From: Stephen Frost @ 2002-06-21 18:26 UTC (permalink / raw)
To: Harald Welte, Netfilter Development Mailinglist
[-- Attachment #1.1: Type: text/plain, Size: 649 bytes --]
* Harald Welte (laforge@gnumonks.org) wrote:
> On Tue, Jun 18, 2002 at 12:34:39AM -0400, Stephen Frost wrote:
> > Hey all,
> >
> > Version 0.2.1 of my ipt_recent module has been up and running on my
>
> thanks. For future reference: please send patches as mime attachment,
> uncompressed. this way i can read them in the mailer and don't need to save,
> unzip them before.
No problem, just thought it a little large to send uncompressed.
Hopefully this one is better; just a minor bugfix.
Changelog:
- If not SET and not found, return immediately instead of flipping the
hash entries first (in the event of a collision).
[-- Attachment #1.2: ipt_recent-0.2.2.patch --]
[-- Type: text/plain, Size: 2151 bytes --]
diff -uNr netfilter-old/userspace/patch-o-matic/extra/recent.patch netfilter/userspace/patch-o-matic/extra/recent.patch
--- netfilter-old/userspace/patch-o-matic/extra/recent.patch Fri Jun 21 09:49:01 2002
+++ netfilter/userspace/patch-o-matic/extra/recent.patch Fri Jun 21 10:10:13 2002
@@ -26,7 +26,7 @@
+#endif /*_IPT_RECENT_H*/
diff -uNr linux-2.4.18-clean/net/ipv4/netfilter/ipt_recent.c linux-2.4.18/net/ipv4/netfilter/ipt_recent.c
--- linux-2.4.18-clean/net/ipv4/netfilter/ipt_recent.c Wed Dec 31 19:00:00 1969
-+++ linux-2.4.18/net/ipv4/netfilter/ipt_recent.c Mon Jun 17 20:13:00 2002
++++ linux-2.4.18/net/ipv4/netfilter/ipt_recent.c Fri Jun 21 10:06:15 2002
@@ -0,0 +1,786 @@
+/* Kernel module to check if the source address has been seen recently. */
+#include <linux/module.h>
@@ -51,7 +51,7 @@
+static int debug = 0;
+
+#define RECENT_NAME "ipt_recent"
-+#define RECENT_VER "v0.2.1"
++#define RECENT_VER "v0.2.2"
+
+static char version[] =
+KERN_INFO RECENT_NAME " " RECENT_VER ": Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/\n";
@@ -394,6 +394,13 @@
+ hash_result = (hash_result + 1) % ip_list_hash_size;
+ }
+ }
++
++ if(hash_table[hash_result] == -1 && !(info->check_set & IPT_RECENT_SET)) {
++ /* IP not in list and not asked to SET */
++ spin_unlock_bh(&curr_table->list_lock);
++ return ans;
++ }
++
+ /* Check if we need to handle the collision, do not need to on REMOVE */
+ if(orig_hash_result != hash_result && !(info->check_set & IPT_RECENT_REMOVE)) {
+ if(debug) printk(KERN_INFO "ipt_recent: match(): Collision in hash table. (or: %d,hr: %d,oa: %u,ha: %u)\n",
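Review bot: the new test `hash_table[hash_result] == -1` catches a miss only if the probe loop above always ends on an empty slot when the address is absent. Only the tail of that loop is visible here (`hash_result = (hash_result + 1) % ip_list_hash_size;`), so it is worth confirming that it cannot also stop on an occupied slot, for instance after wrapping around a full table. In that case a rule without `IPT_RECENT_SET` would still reach the collision handling below. Please also confirm that `ans` still holds the no-match result at this point, since the function now returns it before any of the later code runs.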
@@ -431,13 +438,6 @@
+ if(hash_table[hash_result] == -1) {
+ if(debug) printk(KERN_INFO "ipt_recent: match(): New table entry. (hr: %d,ha: %u)\n",
+ hash_result, addr);
-+
-+ /* New item, find place to put it */
-+ if(!(info->check_set & IPT_RECENT_SET)) {
-+ /* IP not in list and not asked to SET */
-+ spin_unlock_bh(&curr_table->list_lock);
-+ return ans;
-+ }
+
+ /* New item found and IPT_RECENT_SET, so we need to add it */
+ location = time_info[curr_table->time_pos].position;