diff -ruN ipt-orig/extensions/libxt_TIMEOUT.c ipt-new/extensions/libxt_TIMEOUT.c --- ipt-orig/extensions/libxt_TIMEOUT.c 1969-12-31 16:00:00.000000000 -0800 +++ ipt-new/extensions/libxt_TIMEOUT.c 2007-11-17 09:57:16.000000000 -0800 @@ -0,0 +1,111 @@ +/* Shared library add-on to iptables for the TIMEOUT target + * (C) 2007 by Phil Oester + * + * This program is distributed under the terms of GNU GPL + */ +#include +#include +#include +#include +#include + +#include +#include +#include + +#define XT_TIMEOUT_USED 1 + +static void TIMEOUT_help(void) +{ + printf( +"TIMEOUT target v%s options\n" +" --timeout value Set conntrack TIMEOUT to \n" +, IPTABLES_VERSION); +} + +static int TIMEOUT_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_target **target) +{ + struct xt_timeout_info *info = (struct xt_timeout_info *) (*target)->data; + unsigned int value; + + if (*flags & XT_TIMEOUT_USED) { + exit_error(PARAMETER_PROBLEM, + "Can't specify TIMEOUT option twice"); + } + + if (!optarg) + exit_error(PARAMETER_PROBLEM, + "TIMEOUT: You must specify a value"); + + if (check_inverse(optarg, &invert, NULL, 0)) + exit_error(PARAMETER_PROBLEM, + "TIMEOUT: unexpected `!'"); + + if (string_to_number(optarg, 0, 0xFFFFFFFF, &value) == -1) + exit_error(PARAMETER_PROBLEM, + "TIMEOUT: Value overflow"); + + switch (c) { + + case '1': + break; + + default: + return 0; + + } + + info->timeout = value; + *flags |= XT_TIMEOUT_USED; + + return 1; +} + +static void TIMEOUT_check(unsigned int flags) +{ + if (!(flags & XT_TIMEOUT_USED)) + exit_error(PARAMETER_PROBLEM, + "TIMEOUT: You must specify an action"); +} + +static void TIMEOUT_save(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_timeout_info *info = + (struct xt_timeout_info *) target->data; + + printf("--timeout %u ", info->timeout); +} + +static void TIMEOUT_print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + const struct xt_timeout_info *info = + (struct xt_timeout_info *) target->data; + + printf("timeout %u ", info->timeout); +} + +static const struct option TIMEOUT_opts[] = { + { "timeout", 1, NULL, '1' }, + { } +}; + +static struct iptables_target timeout_target = { + .next = NULL, + .name = "TIMEOUT", + .version = IPTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_timeout_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_timeout_info)), + .help = TIMEOUT_help, + .parse = TIMEOUT_parse, + .final_check = TIMEOUT_check, + .print = TIMEOUT_print, + .save = TIMEOUT_save, + .extra_opts = TIMEOUT_opts, +}; + +void _init(void) +{ + register_target(&timeout_target); +} diff -ruN ipt-orig/extensions/Makefile ipt-new/extensions/Makefile --- ipt-orig/extensions/Makefile 2007-10-31 04:46:40.000000000 -0700 +++ ipt-new/extensions/Makefile 2007-11-02 14:14:22.000000000 -0700 @@ -7,7 +7,7 @@ # PF_EXT_SLIB:=ah addrtype conntrack ecn icmp iprange owner policy realm recent tos ttl unclean CLUSTERIP DNAT ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL ULOG PF6_EXT_SLIB:=ah dst eui64 frag hbh hl icmp6 ipv6header mh owner policy rt HL LOG REJECT -PFX_EXT_SLIB:=connbytes connmark connlimit comment dccp dscp esp hashlimit helper length limit mac mark multiport physdev pkttype quota sctp state statistic standard string tcp tcpmss time u32 udp CLASSIFY CONNMARK DSCP MARK NFLOG NFQUEUE NOTRACK TCPMSS TRACE +PFX_EXT_SLIB:=connbytes connmark connlimit comment dccp dscp esp hashlimit helper length limit mac mark multiport physdev pkttype quota sctp state statistic standard string tcp tcpmss time u32 udp CLASSIFY CONNMARK DSCP MARK NFLOG NFQUEUE NOTRACK TCPMSS TRACE TIMEOUT PF_EXT_SELINUX_SLIB:= PF6_EXT_SELINUX_SLIB:= diff -ruN ipt-orig/include/linux/netfilter/xt_TIMEOUT.h ipt-new/include/linux/netfilter/xt_TIMEOUT.h --- ipt-orig/include/linux/netfilter/xt_TIMEOUT.h 1969-12-31 16:00:00.000000000 -0800 +++ ipt-new/include/linux/netfilter/xt_TIMEOUT.h 2007-11-16 16:56:03.000000000 -0800 @@ -0,0 +1,8 @@ +#ifndef _XT_TIMEOUT_H +#define _XT_TIMEOUT_H + +struct xt_timeout_info { + u_int32_t timeout; +}; + +#endif /*_XT_TIMEOUT_H*/