diff -ruN ipt-orig/extensions/libxt_TIMEOUT.c ipt-new/extensions/libxt_TIMEOUT.c
--- ipt-orig/extensions/libxt_TIMEOUT.c 1969-12-31 16:00:00.000000000 -0800
+++ ipt-new/extensions/libxt_TIMEOUT.c 2007-11-24 16:55:18.000000000 -0800
@@ -0,0 +1,111 @@
+/* Shared library add-on to iptables for the TIMEOUT target
+ * (C) 2007 by Phil Oester
+ *
+ * This program is distributed under the terms of GNU GPL
+ */
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#define XT_TIMEOUT_USED 1
+
+static void TIMEOUT_help(void)
+{
+ printf(
+"TIMEOUT target v%s options\n"
+" --timeout value Set conntrack TIMEOUT to \n"
+, IPTABLES_VERSION);
+}
+
+static int TIMEOUT_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_target **target)
+{
+ struct nf_conn_timeout *info = (struct nf_conn_timeout *) (*target)->data;
+ unsigned int value;
+
+ if (*flags & XT_TIMEOUT_USED) {
+ exit_error(PARAMETER_PROBLEM,
+ "Can't specify TIMEOUT option twice");
+ }
+
+ if (!optarg)
+ exit_error(PARAMETER_PROBLEM,
+ "TIMEOUT: You must specify a value");
+
+ if (check_inverse(optarg, &invert, NULL, 0))
+ exit_error(PARAMETER_PROBLEM,
+ "TIMEOUT: unexpected `!'");
+
+ if (string_to_number(optarg, 0, 0xFFFFFFFF, &value) == -1)
+ exit_error(PARAMETER_PROBLEM,
+ "TIMEOUT: Value overflow");
+
+ switch (c) {
+
+ case '1':
+ break;
+
+ default:
+ return 0;
+
+ }
+
+ info->timeout = value;
+ *flags |= XT_TIMEOUT_USED;
+
+ return 1;
+}
+
+static void TIMEOUT_check(unsigned int flags)
+{
+ if (!(flags & XT_TIMEOUT_USED))
+ exit_error(PARAMETER_PROBLEM,
+ "TIMEOUT: You must specify an action");
+}
+
+static void TIMEOUT_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct nf_conn_timeout *info =
+ (struct nf_conn_timeout *) target->data;
+
+ printf("--timeout %u ", info->timeout);
+}
+
+static void TIMEOUT_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct nf_conn_timeout *info =
+ (struct nf_conn_timeout *) target->data;
+
+ printf("timeout %u ", info->timeout);
+}
+
+static const struct option TIMEOUT_opts[] = {
+ { "timeout", 1, NULL, '1' },
+ { }
+};
+
+static struct iptables_target timeout_target = {
+ .next = NULL,
+ .name = "TIMEOUT",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct nf_conn_timeout)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_conn_timeout)),
+ .help = TIMEOUT_help,
+ .parse = TIMEOUT_parse,
+ .final_check = TIMEOUT_check,
+ .print = TIMEOUT_print,
+ .save = TIMEOUT_save,
+ .extra_opts = TIMEOUT_opts,
+};
+
+void _init(void)
+{
+ register_target(&timeout_target);
+}
diff -ruN ipt-orig/extensions/Makefile ipt-new/extensions/Makefile
--- ipt-orig/extensions/Makefile 2007-10-31 04:46:40.000000000 -0700
+++ ipt-new/extensions/Makefile 2007-11-02 14:14:22.000000000 -0700
@@ -7,7 +7,7 @@
 #
 PF_EXT_SLIB:=ah addrtype conntrack ecn icmp iprange owner policy realm recent tos ttl unclean CLUSTERIP DNAT ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL ULOG
 PF6_EXT_SLIB:=ah dst eui64 frag hbh hl icmp6 ipv6header mh owner policy rt HL LOG REJECT
-PFX_EXT_SLIB:=connbytes connmark connlimit comment dccp dscp esp hashlimit helper length limit mac mark multiport physdev pkttype quota sctp state statistic standard string tcp tcpmss time u32 udp CLASSIFY CONNMARK DSCP MARK NFLOG NFQUEUE NOTRACK TCPMSS TRACE
+PFX_EXT_SLIB:=connbytes connmark connlimit comment dccp dscp esp hashlimit helper length limit mac mark multiport physdev pkttype quota sctp state statistic standard string tcp tcpmss time u32 udp CLASSIFY CONNMARK DSCP MARK NFLOG NFQUEUE NOTRACK TCPMSS TRACE TIMEOUT
 PF_EXT_SELINUX_SLIB:=
 PF6_EXT_SELINUX_SLIB:=
diff -ruN ipt-orig/include/linux/netfilter/xt_TIMEOUT.h ipt-new/include/linux/netfilter/xt_TIMEOUT.h
--- ipt-orig/include/linux/netfilter/xt_TIMEOUT.h 1969-12-31 16:00:00.000000000 -0800
+++ ipt-new/include/linux/netfilter/xt_TIMEOUT.h 2007-11-24 16:59:37.000000000 -0800
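Review bot: In `TIMEOUT_parse` (libxt_TIMEOUT.c) the duplicate-option, `!optarg`, `check_inverse` and `string_to_number` checks all run before `switch (c)` decides whether the option is `--timeout` at all. The `default: return 0` branch shows the callback expects to be handed options it does not own, so such an option can abort with a TIMEOUT error (for example "Can't specify TIMEOUT option twice" once the flag is set, or "You must specify a value" when it takes no argument) instead of being passed on. Moving the checks under `case '1':` fixes this, as sketched below. Separately, the accepted range is 0 to 0xFFFFFFFF with no unit stated, so a rule can request a zero or near-maximal conntrack timeout; whether the kernel side clamps it is not visible in this patch, and a documented unit plus a sane bound would be worth adding.

```c
static int TIMEOUT_parse(int c, char **argv, int invert, unsigned int *flags,
			 const void *entry, struct xt_entry_target **target)
{
	/* … unchanged: info and value declarations … */

	switch (c) {
	case '1':
		/* Validate only once we know the option is ours. */
		if (*flags & XT_TIMEOUT_USED)
			exit_error(PARAMETER_PROBLEM,
				   "Can't specify TIMEOUT option twice");
		if (!optarg)
			exit_error(PARAMETER_PROBLEM,
				   "TIMEOUT: You must specify a value");
		if (check_inverse(optarg, &invert, NULL, 0))
			exit_error(PARAMETER_PROBLEM,
				   "TIMEOUT: unexpected `!'");
		if (string_to_number(optarg, 0, 0xFFFFFFFF, &value) == -1)
			exit_error(PARAMETER_PROBLEM,
				   "TIMEOUT: Value overflow");
		info->timeout = value;
		*flags |= XT_TIMEOUT_USED;
		return 1;

	default:
		/* Not a TIMEOUT option: leave flags and optarg alone. */
		return 0;
	}
}
```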
@@ -0,0 +1,17 @@
+#ifndef _XT_TIMEOUT_H
+#define _XT_TIMEOUT_H
+
+struct nf_conn_timeout {
+ u_int32_t timeout;
+};
+
+#ifdef __KERNEL__
+#include
+
+static inline struct nf_conn_timeout *nfct_timeout(const struct nf_conn *ct)
+{
+ return nf_ct_ext_find(ct, NF_CT_EXT_TIMEOUT);
+}
+#endif
+
+#endif /*_XT_TIMEOUT_H*/
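Review bot: `nfct_timeout()` hands back the result of `nf_ct_ext_find()` unchecked, and neither it nor `struct nf_conn_timeout` carries a comment. If the lookup yields NULL for a conntrack without the extension (presumably; the helper is defined outside this patch), every caller has to test for it, so I would state that above the function: `/* Returns NULL when ct carries no timeout extension; callers must check. */`. The `timeout` field also needs its unit spelled out, e.g. `/* value given to --timeout; unit (seconds vs. jiffies) to be confirmed */`, because userspace stores the raw number parsed from the command line and a unit mismatch would silently shorten or lengthen connection tracking lifetimes.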