Fixing the ipt_recent Netfilter Module Description of patch: http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/ Original patch comes from http://blog.blackdown.de/static/kernel/ipt_recent-fix.patch This version of patch is against linux kernel 2.4.36 (http://dg.sad.lv/files/ipt_recent.2.4.patch)
--- linux-2.4.36.7.orig/include/linux/netfilter_ipv4/ipt_recent.h Sun Sep 7 12:32:13 2008
+++ linux-2.4.36.7/include/linux/netfilter_ipv4/ipt_recent.h Sat Oct 18 02:00:39 2008
@@ -1,8 +1,9 @@
 #ifndef _IPT_RECENT_H
+#define get_seconds() CURRENT_TIME
 #define _IPT_RECENT_H
 #define RECENT_NAME "ipt_recent"
-#define RECENT_VER "v0.3.1"
+#define RECENT_VER "v0.3.2"
 #define IPT_RECENT_CHECK 1
 #define IPT_RECENT_SET 2
--- linux-2.4.36.7.orig/net/ipv4/netfilter/ipt_recent.c Sun Sep 7 12:32:13 2008
+++ linux-2.4.36.7/net/ipv4/netfilter/ipt_recent.c Sat Oct 18 01:30:56 2008
@@ -15,6 +15,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -63,7 +64,7 @@
 struct time_info_list {
 u_int32_t position;
- u_int32_t time;
+ unsigned long time;
 };
 /* Structure of our linked list of tables of recent lists. */
@@ -224,7 +225,7 @@
 curr_table->table[count].last_seen = 0;
 curr_table->table[count].addr = 0;
 curr_table->table[count].ttl = 0;
- memset(curr_table->table[count].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t));
+ memset(curr_table->table[count].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long));
 curr_table->table[count].oldest_pkt = 0;
 curr_table->table[count].time_pos = 0;
 curr_table->time_info[count].position = count;
@@ -421,8 +422,8 @@
 if(debug) printk(KERN_INFO RECENT_NAME ": match(): checking table, addr: %u, ttl: %u, orig_ttl: %u\n",addr,ttl,skb->nh.iph->ttl);
 #endif
- /* Get jiffies now in case they changed while we were waiting for a lock */
- now = jiffies;
+ /* Get time now in case it changed while we were waiting for a lock */
+ now = get_seconds();
 hash_table = curr_table->hash_table;
 time_info = curr_table->time_info;
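Review bot: In the ipt_recent.h hunk (`@@ -1,8 +1,9 @@`), `#define get_seconds() CURRENT_TIME` is added unconditionally to a shared header, above the guard's own `#define _IPT_RECENT_H`, so every file that includes the header inherits the macro. If the header is also consumed outside ipt_recent.c, or a tree already provides `get_seconds`, the name will clash or expand to a symbol that is not defined there. Keeping the shim local to ipt_recent.c as `#ifndef get_seconds` / `#define get_seconds() CURRENT_TIME` / `#endif`, with a one-line comment that it is a compatibility shim for this kernel series, avoids that.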
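Review bot: The `memset` in the `@@ -224,7 +225,7 @@` hunk of ipt_recent.c still spells the element type by hand as `sizeof(unsigned long)`, while the declaration of `last_pkts` lies outside the diff, so the size and the pointee type can drift apart again; that appears to be the kind of mismatch this patch corrects. Taking the size from the object removes the coupling: `memset(curr_table->table[count].last_pkts,0,ip_pkt_list_tot*sizeof(*curr_table->table[count].last_pkts));`. The same applies to the `memset` calls in the `@@ -505,7 +506,7 @@` and `@@ -634,7 +635,7 @@` hunks and to the `vmalloc` size in `@@ -737,10 +738,10 @@`, where an undersized value would mean writes past the end of the buffer.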
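Review bot: `now = get_seconds();` in the `@@ -421,8 +422,8 @@` hunk moves the match from a tick counter to wall-clock seconds (the header maps it to `CURRENT_TIME`), and the new comment does not say so. Wall-clock time can be stepped, so with the plain `<=` comparisons added in the `@@ -531,11 +532,11 @@` hunk a backward step keeps entries inside their `info->seconds` window for longer and a forward step expires them at once, which changes what a rate-limit or block rule enforces. I would extend the comment, e.g. `/* Wall-clock seconds, not jiffies: a clock step shifts every recent-list window */`, and state next to `struct time_info_list` that `time` now holds seconds. The enclosing function starts and ends outside the hunk.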
@@ -505,7 +506,7 @@
 location = time_info[curr_table->time_pos].position;
 hash_table[r_list[location].hash_entry] = -1;
 hash_table[hash_result] = location;
- memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t));
+ memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long));
 r_list[location].time_pos = curr_table->time_pos;
 r_list[location].addr = addr;
 r_list[location].ttl = ttl;
@@ -531,11 +532,11 @@
 if(info->check_set & IPT_RECENT_CHECK || info->check_set & IPT_RECENT_UPDATE) {
 if(!info->seconds && !info->hit_count) ans = !info->invert; else ans = info->invert;
 if(info->seconds && !info->hit_count) {
- if(time_before_eq(now,r_list[location].last_seen+info->seconds*HZ)) ans = !info->invert; else ans = info->invert;
+ if(now <= r_list[location].last_seen+info->seconds) ans = !info->invert; else ans = info->invert;
 }
 if(info->seconds && info->hit_count) {
 for(pkt_count = 0, hits_found = 0; pkt_count < ip_pkt_list_tot; pkt_count++) {
- if(time_before_eq(now,r_list[location].last_pkts[pkt_count]+info->seconds*HZ)) hits_found++;
+ if(now <= r_list[location].last_pkts[pkt_count]+info->seconds) hits_found++;
 }
 if(hits_found >= info->hit_count) ans = !info->invert; else ans = info->invert;
 }
@@ -634,7 +635,7 @@
 r_list[location].last_seen = 0;
 r_list[location].addr = 0;
 r_list[location].ttl = 0;
- memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t));
+ memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long));
 r_list[location].oldest_pkt = 0;
 ans = !info->invert;
 }
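Review bot: The two comparisons added in the `@@ -531,11 +532,11 @@` hunk, `now <= r_list[location].last_seen+info->seconds` and its `last_pkts[pkt_count]` counterpart, are no longer wrap-tolerant the way `time_before_eq` was. Where `unsigned long` is 32 bits, a large `info->seconds` can wrap the sum and make a fresh entry read as expired; the field types are declared outside the hunk, so this needs confirming against the struct definitions. Comparing the difference instead, `now - r_list[location].last_seen <= info->seconds`, avoids the wrapped sum, but a stored timestamp later than `now` then needs its own explicit branch so the outcome is a deliberate choice. Whichever form is kept, a short comment stating that both sides are seconds would help the next reader.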
@@ -737,10 +738,10 @@
 memset(curr_table->table,0,sizeof(struct recent_ip_list)*ip_list_tot);
 #ifdef DEBUG
 if(debug) printk(KERN_INFO RECENT_NAME ": checkentry: Allocating %d for pkt_list.\n",
- sizeof(u_int32_t)*ip_pkt_list_tot*ip_list_tot);
+ sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot);
 #endif
- hold = vmalloc(sizeof(u_int32_t)*ip_pkt_list_tot*ip_list_tot);
+ hold = vmalloc(sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot);
 #ifdef DEBUG
 if(debug) printk(KERN_INFO RECENT_NAME ": checkentry: After pkt_list allocation.\n");
 #endif
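Review bot: The debug `printk` in this hunk still formats the byte count with `%d`, although `sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot` has type `size_t`, so the argument does not match the conversion wherever `size_t` is wider than `int`. Printing it as `%lu` with the argument cast, `(unsigned long)(sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot)`, fixes that. The same product is handed to `vmalloc` with no overflow check on the multiplication, and whether `hold` is tested for failure is outside the hunk. If the two counts can be set when the module is loaded, bounding them before the multiply would keep an oversized value from producing a short allocation.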