* extending dst_entry
@ 2002-05-26 19:38 Fruhwirth Clemens
0 siblings, 0 replies; only message in thread
From: Fruhwirth Clemens @ 2002-05-26 19:38 UTC (permalink / raw)
To: netdev
[-- Attachment #1: Type: text/plain, Size: 725 bytes --]
hi!
i'd like to add an netfilter module, which limits the diversity of tcp/udp
ports for a given remote peer via a tocken bucket filter. the aim of that is
mainly an instant response to port scans. it's quite easy to modify the
"limit" module that netfilter has right now, but in opposite to this module
my module will need to store information with every remote peer instead of a
global match rule state.
so i'm thinking about extending dst_entry and further dst.c to contain
netfilter specific code, which lead to a not so nice spagetti code
architecture.
any other suggestions how i could store peer specific information without
implementing an dst_entry styled hashtable on my own?
clemens
please CC me, not on list.
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2002-05-26 19:38 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-05-26 19:38 extending dst_entry Fruhwirth Clemens
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).