* removing black listed ip
@ 2010-04-10 17:03 ratheesh k
2010-04-10 17:12 ` Jan Engelhardt
0 siblings, 1 reply; 9+ messages in thread
From: ratheesh k @ 2010-04-10 17:03 UTC (permalink / raw)
To: netfilter
Hi,

I need to remove a blacklisted IP if the last seen packet is x time
ago. I have changed the code, but here it is comparing with the first seen
packet time. I need to compare the last seen packet.
**************************************************************************************************
--- xt_recent.c.old 2010-04-11 03:51:10.000000000 +0530
+++ xt_recent.c 2010-04-11 03:50:06.000000000 +0530
@@ -113,12 +113,13 @@
(ip_list_hash_size - 1);
}
+static void recent_entry_remove(struct recent_table *, struct recent_entry *);
static struct recent_entry *
recent_entry_lookup(const struct recent_table *table,
const union nf_inet_addr *addrp, u_int16_t family,
u_int8_t ttl)
{
- struct recent_entry *e;
+ struct recent_entry *e ,*next;
unsigned int h;
if (family == NFPROTO_IPV4)
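Review bot: `struct recent_entry *e ,*next;` has the space on the wrong side of the comma; kernel style is `struct recent_entry *e, *next;`. The new forward declaration also gives recent_entry_remove() a non-const `struct recent_table *` first parameter while recent_entry_lookup(), where it is about to be called, only has `const struct recent_table *table`, so the call will discard the const qualifier; either drop the const from the lookup's parameter or move the expiry out of the lookup into a path that already holds a writable table pointer.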
@@ -126,7 +127,17 @@
else
h = recent_entry_hash6(addrp);
- list_for_each_entry(e, &table->iphash[h], list)
+
+ list_for_each_entry_safe(e,next , &table->iphash[h], list) {
+ if (e->family == family && (jiffies - e->stamps[0] > 10000 ) ) {
+ printk("\n Removing one entry %lu %lu \n" ,
e->stamps[0] ,jiffies);
+ printk(KERN_INFO "\nRemoving ip entry:
%d.%d.%d.%d\n", NIPQUAD(e->addr));
+ recent_entry_remove(table, e);
+ }
+
+ }
+
+ list_for_each_entry(e, &table->iphash[h], list)
if (e->family == family &&
memcmp(&e->addr, addrp, sizeof(e->addr)) == 0 &&
(ttl == e->ttl || ttl == 0 || e->ttl == 0))
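Review bot: the expiry test in the new loop compares `e->stamps[0]`, which is the first stamp recorded for the entry, so the patch still expires on first-seen time rather than the last-seen time the cover letter asks for; the most recently written slot is the one just before `e->index` (modulo ip_pkt_list_tot, as the -178 hunk shows `e->index` wrapping), so that stamp, not stamps[0], is the last-seen time. Three smaller points in the same hunk: `jiffies - e->stamps[0] > 10000` hard-codes a jiffies count instead of deriving it from a configurable seconds value times HZ and does not go through time_after(), so it misbehaves on jiffies wrap; the first printk() has no KERN_ level and the second prints the address with NIPQUAD although the entry may be NFPROTO_IPV6 (the loop only checks `e->family == family`, not that the family is IPv4); and deleting entries from inside a lookup that takes a `const` table both surprises callers and walks the same hash chain twice, once to expire and once to match.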
@@ -178,6 +189,10 @@
e->nstamps = e->index;
e->index %= ip_pkt_list_tot;
list_move_tail(&e->lru_list, &t->lru_list);
+
+
+
+
}
static struct recent_table *recent_table_lookup(const char *name)
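Review bot: the four added lines at the end of recent_entry_update() are whitespace only and should be dropped from the patch; a hunk that changes no code adds noise to review and to git blame.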
***************************************************************************************
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: removing black listed ip
2010-04-10 17:03 removing black listed ip ratheesh k
@ 2010-04-10 17:12 ` Jan Engelhardt
2010-04-10 17:20 ` ratheesh k
0 siblings, 1 reply; 9+ messages in thread
From: Jan Engelhardt @ 2010-04-10 17:12 UTC (permalink / raw)
To: ratheesh k; +Cc: netfilter
On Saturday 2010-04-10 19:03, ratheesh k wrote:
>Hi,
>
> I need to remove a blacklisted IP if the last seen packet is x time
>ago. I have changed the code, but here it is comparing with the first seen
>packet time. I need to compare the last seen packet.
xt_recent works by comparing the difference between an entry's
timestamps and the current time with the chosen --seconds parameter.
>@@ -178,6 +189,10 @@
> e->nstamps = e->index;
> e->index %= ip_pkt_list_tot;
> list_move_tail(&e->lru_list, &t->lru_list);
>+
>+
>+
>+
> }
>
> static struct recent_table *recent_table_lookup(const char *name)
>
>
What's with all this whitespace...
* Re: removing black listed ip
2010-04-10 17:12 ` Jan Engelhardt
@ 2010-04-10 17:20 ` ratheesh k
2010-04-10 17:42 ` Jan Engelhardt
0 siblings, 1 reply; 9+ messages in thread
From: ratheesh k @ 2010-04-10 17:20 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
> xt_recent works by comparing the difference between an entry's
> timestamps and the current time with the chosen --seconds parameter.
If an IP is blacklisted, when will it get removed? How can I remove
the list? I first thought of kernel timers (timer_list), but I have to
take care of race conditions and it will dampen the performance.
> What's with all this whitespace...
>
Sorry, by mistake I added the spaces.
thanks,
ratheesh
On Sat, Apr 10, 2010 at 10:42 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
> On Saturday 2010-04-10 19:03, ratheesh k wrote:
>
>>Hi,
>>
>> I need to remove a blacklisted IP if the last seen packet is x time
>>ago. I have changed the code, but here it is comparing with the first seen
>>packet time. I need to compare the last seen packet.
>
> xt_recent works by comparing the difference between an entry's
> timestamps and the current time with the chosen --seconds parameter.
>
>
>>@@ -178,6 +189,10 @@
>> e->nstamps = e->index;
>> e->index %= ip_pkt_list_tot;
>> list_move_tail(&e->lru_list, &t->lru_list);
>>+
>>+
>>+
>>+
>> }
>>
>> static struct recent_table *recent_table_lookup(const char *name)
>>
>>
>
> What's with all this whitespace...
>
* Re: removing black listed ip
2010-04-10 17:20 ` ratheesh k
@ 2010-04-10 17:42 ` Jan Engelhardt
2010-04-12 6:24 ` ratheesh k
0 siblings, 1 reply; 9+ messages in thread
From: Jan Engelhardt @ 2010-04-10 17:42 UTC (permalink / raw)
To: ratheesh k; +Cc: netfilter
On Saturday 2010-04-10 19:20, ratheesh k wrote:
>> xt_recent works by comparing the difference between an entry's
>> timestamps and the current time with the chosen --seconds parameter.
>
>If an IP is blacklisted, when will it get removed?
It will not get removed. If you want any action, such as blacklisting,
to stop after a given time, you use --seconds as I just told.
* Re: removing black listed ip
2010-04-10 17:42 ` Jan Engelhardt
@ 2010-04-12 6:24 ` ratheesh k
2010-04-12 12:30 ` Jan Engelhardt
0 siblings, 1 reply; 9+ messages in thread
From: ratheesh k @ 2010-04-12 6:24 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
On Sat, Apr 10, 2010 at 11:12 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
> On Saturday 2010-04-10 19:20, ratheesh k wrote:
>
>>> xt_recent works by comparing the difference between an entry's
>>> timestamps and the current time with the chosen --seconds parameter.
>>
>>If an IP is blacklisted, when will it get removed?
>
> It will not get removed. If you want any action, such as blacklisting,
> to stop after a given time, you use --seconds as I just told.
>
If the number of blacklisted IPs is more than ip_list_tot, will old
entries be replaced by new IP addresses? (Once the list is full,
what will happen for new blacklisting?)
Thanks,
Ratheesh
* Re: removing black listed ip
2010-04-12 6:24 ` ratheesh k
@ 2010-04-12 12:30 ` Jan Engelhardt
2010-04-20 2:46 ` ratheesh k
0 siblings, 1 reply; 9+ messages in thread
From: Jan Engelhardt @ 2010-04-12 12:30 UTC (permalink / raw)
To: ratheesh k; +Cc: netfilter
On Monday 2010-04-12 08:24, ratheesh k wrote:
>On Sat, Apr 10, 2010 at 11:12 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>> On Saturday 2010-04-10 19:20, ratheesh k wrote:
>>
>>>> xt_recent works by comparing the difference between an entry's
>>>> timestamps and the current time with the chosen --seconds parameter.
>>>
>>>If an IP is blacklisted, when will it get removed?
>>
>> It will not get removed. If you want any action, such as blacklisting,
>> to stop after a given time, you use --seconds as I just told.
>
>If the number of blacklisted IPs is more than ip_list_tot, will old
>entries be replaced by new IP addresses? (Once the list is full,
>what will happen for new blacklisting?)
As I see it yes.
* Re: removing black listed ip
2010-04-12 12:30 ` Jan Engelhardt
@ 2010-04-20 2:46 ` ratheesh k
2010-04-20 8:06 ` Jan Engelhardt
0 siblings, 1 reply; 9+ messages in thread
From: ratheesh k @ 2010-04-20 2:46 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
On Mon, Apr 12, 2010 at 6:00 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>
> On Monday 2010-04-12 08:24, ratheesh k wrote:
>>On Sat, Apr 10, 2010 at 11:12 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>>> On Saturday 2010-04-10 19:20, ratheesh k wrote:
>>>
>>>>> xt_recent works by comparing the difference between an entry's
>>>>> timestamps and the current time with the chosen --seconds parameter.
>>>>
>>>>If an IP is blacklisted, when will it get removed?
>>>
>>> It will not get removed. If you want any action, such as blacklisting,
>>> to stop after a given time, you use --seconds as I just told.
>>
>>If the number of blacklisted IPs is more than ip_list_tot, will old
>>entries be replaced by new IP addresses? (Once the list is full,
>>what will happen for new blacklisting?)
>
> As I see it yes.
>
Suppose one particular IP is blacklisted by accident. I want to
remove the IP from the blacklist. How can I do that?
* Re: removing black listed ip
2010-04-20 2:46 ` ratheesh k
@ 2010-04-20 8:06 ` Jan Engelhardt
2010-04-20 11:21 ` ratheesh k
0 siblings, 1 reply; 9+ messages in thread
From: Jan Engelhardt @ 2010-04-20 8:06 UTC (permalink / raw)
To: ratheesh k; +Cc: netfilter
On Tuesday 2010-04-20 04:46, ratheesh k wrote:
>>>
>>>If the number of blacklisted IPs is more than ip_list_tot, will old
>>>entries be replaced by new IP addresses? (Once the list is full,
>>>what will happen for new blacklisting?)
>>
>> As I see it yes.
>
>Suppose one particular IP is blacklisted by accident. I want to
>remove the IP from the blacklist. How can I do that?
How do you define accident?
Manually:
"echo -2a01:198:476::1" >/proc/net/xt_recent/foo
Automatically:
If you can automatically detect an accident, you can also
have it removed with -m recent --remove. Or in fact,
avoid it in the first place.
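The two mechanisms Jan points to in this thread, a ban that stops matching once `--seconds` has passed since the entry's stamp (his 2010-04-10 17:42 reply) and removing an address by writing `-ADDR` to the table's proc file (the reply above), as one added example. This is not code from the thread and not the xt_recent module's own code. It assumes a table named `badguys`, a 600 second ban, a trap on TCP port 23 as the thing that adds a source, HZ=1000 for the jiffies arithmetic, and a constructed `/proc/net/xt_recent` line; none of those come from the page.

```shell
#!/bin/sh
# Added example, not from the thread: an xt_recent ban list whose entries stop
# matching --seconds after the host's *last* packet, plus manual removal
# through /proc/net/xt_recent/NAME.  Assumptions (not on the page): table
# name "badguys", a 600 s ban, a trap on tcp/23 as the trigger, HZ=1000.
# DRY_RUN=1 prints the commands instead of running them (no root needed).

TABLE=${TABLE:-badguys}
BAN_SECONDS=${BAN_SECONDS:-600}

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Ban list.  --update refreshes the entry's stamp on every hit, so the ban
# lasts BAN_SECONDS after the host's last packet (what the thread asks for).
# Use --rcheck instead if the ban should run from the packet that set it.
install_rules() {
    run iptables -A INPUT -m recent --name "$TABLE" --update --seconds "$BAN_SECONDS" -j DROP
    # Trigger: any new connection to the unused port 23 adds the source.
    run iptables -A INPUT -p tcp --dport 23 -m conntrack --ctstate NEW \
        -m recent --name "$TABLE" --set -j DROP
}

# Manual removal (the "echo -ADDR" form from the thread).  "+ADDR" adds an
# address and "/" flushes the table through the same file.
unban() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'echo -%s >/proc/net/xt_recent/%s\n' "$1" "$TABLE"
    else
        echo "-$1" >"/proc/net/xt_recent/$TABLE"
    fi
}

# One line of /proc/net/xt_recent/NAME in the module's format.  Constructed
# sample (not captured from a host): first stamp 4295000000, last 4295320000.
SAMPLE='src=192.0.2.10 ttl: 0 last_seen: 4295320000 oldest_pkt: 2 4295000000, 4295320000'

# Age in whole seconds of the entry's last_seen stamp: entry_age LINE NOW HZ.
# The kernel does this with time_after(); this awk ignores jiffies wrap-around,
# which only matters on 32-bit hosts.
entry_age() {
    printf '%s\n' "$1" | awk -v now="$2" -v hz="$3" '{
        for (i = 1; i < NF; i++)
            if ($i == "last_seen:") { print int((now - $(i + 1)) / hz); exit }
    }'
}

# Age of the first stamp listed (stamps[0]), which is what the patch in the
# thread compared against: first_stamp_age LINE NOW HZ.
first_stamp_age() {
    printf '%s\n' "$1" | awk -v now="$2" -v hz="$3" '{
        for (i = 1; i < NF; i++)
            if ($i == "oldest_pkt:") {
                s = $(i + 2); sub(/,$/, "", s)
                print int((now - s) / hz); exit
            }
    }'
}

# True when --update/--rcheck --seconds WINDOW would still match the entry,
# i.e. last_seen is less than WINDOW seconds old: still_banned LINE NOW HZ WINDOW.
still_banned() {
    [ "$(entry_age "$1" "$2" "$3")" -lt "$4" ]
}

case "${1:-}" in
    install) install_rules ;;
    unban)   unban "$2" ;;
    demo)    # At jiffies 4295620000 the last packet is 300 s old and the first
             # 620 s old: a 600 s window still bans by last_seen, but a check
             # against stamps[0] would already have expired the entry.
             entry_age "$SAMPLE" 4295620000 1000
             first_stamp_age "$SAMPLE" 4295620000 1000
             still_banned "$SAMPLE" 4295620000 1000 "$BAN_SECONDS" && echo "still banned" ;;
esac
```

Run it as `DRY_RUN=1 sh ban.sh install` to see the rules, `sh ban.sh demo` to see the first-seen versus last-seen difference on the sample line, and `sh ban.sh unban 192.0.2.10` (as root) to clear one entry. The usual xt_recent pitfall applies: a `--set` rule placed before a `--update --seconds` rule for the same table bans every host the `--set` rule ever touched, which is why the trigger here is a port nothing legitimate uses and lives in its own rule after the ban check.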
* Re: removing black listed ip
2010-04-20 8:06 ` Jan Engelhardt
@ 2010-04-20 11:21 ` ratheesh k
0 siblings, 0 replies; 9+ messages in thread
From: ratheesh k @ 2010-04-20 11:21 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
On Tue, Apr 20, 2010 at 1:36 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>
> On Tuesday 2010-04-20 04:46, ratheesh k wrote:
>>>>
>>>>If the number of blacklisted IPs is more than ip_list_tot, will old
>>>>entries be replaced by new IP addresses? (Once the list is full,
>>>>what will happen for new blacklisting?)
>>>
>>> As I see it yes.
>>
>>Suppose one particular IP is blacklisted by accident. I want to
>>remove the IP from the blacklist. How can I do that?
>
> How do you define accident?
>
> Manually:
> "echo -2a01:198:476::1" >/proc/net/xt_recent/foo
>
> Automatically:
> If you can automatically detect an accident, you can also
> have it removed with -m recent --remove. Or in fact,
> avoid it in the first place.
>
Thanks a ton.