include/linux/netfilter/Kbuild +1 −0
@@ -14,6 +14,7 @@ header-y += xt_dscp.h header-y += xt_DSCP.h header-y += xt_esp.h header-y += xt_helper.h header-y += xt_hashlimit.h header-y += xt_length.h header-y += xt_limit.h header-y += xt_mac.h Loading include/linux/netfilter/xt_hashlimit.h 0 → 100644 +40 −0 Original line number Diff line number Diff line #ifndef _XT_HASHLIMIT_H #define _XT_HASHLIMIT_H /* timings are in milliseconds. */ #define XT_HASHLIMIT_SCALE 10000 /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 seconds, or one every 59 hours. */ /* details of this structure hidden by the implementation */ struct xt_hashlimit_htable; #define XT_HASHLIMIT_HASH_DIP 0x0001 #define XT_HASHLIMIT_HASH_DPT 0x0002 #define XT_HASHLIMIT_HASH_SIP 0x0004 #define XT_HASHLIMIT_HASH_SPT 0x0008 struct hashlimit_cfg { u_int32_t mode; /* bitmask of IPT_HASHLIMIT_HASH_* */ u_int32_t avg; /* Average secs between packets * scale */ u_int32_t burst; /* Period multiplier for upper limit. */ /* user specified */ u_int32_t size; /* how many buckets */ u_int32_t max; /* max number of entries */ u_int32_t gc_interval; /* gc interval */ u_int32_t expire; /* when do entries expire? */ }; struct xt_hashlimit_info { char name [IFNAMSIZ]; /* name */ struct hashlimit_cfg cfg; struct xt_hashlimit_htable *hinfo; /* Used internally by the kernel */ union { void *ptr; struct xt_hashlimit_info *master; } u; }; #endif /*_XT_HASHLIMIT_H*/ include/linux/netfilter_ipv4/ipt_hashlimit.h +8 −34 Original line number Diff line number Diff line #ifndef _IPT_HASHLIMIT_H #define _IPT_HASHLIMIT_H /* timings are in milliseconds. */ #define IPT_HASHLIMIT_SCALE 10000 /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 seconds, or one every 59 hours. 
*/ #include <linux/netfilter/xt_hashlimit.h> /* details of this structure hidden by the implementation */ struct ipt_hashlimit_htable; #define IPT_HASHLIMIT_SCALE XT_HASHLIMIT_SCALE #define IPT_HASHLIMIT_HASH_DIP XT_HASHLIMIT_HASH_DIP #define IPT_HASHLIMIT_HASH_DPT XT_HASHLIMIT_HASH_DPT #define IPT_HASHLIMIT_HASH_SIP XT_HASHLIMIT_HASH_SIP #define IPT_HASHLIMIT_HASH_SPT XT_HASHLIMIT_HASH_SPT #define IPT_HASHLIMIT_HASH_DIP 0x0001 #define IPT_HASHLIMIT_HASH_DPT 0x0002 #define IPT_HASHLIMIT_HASH_SIP 0x0004 #define IPT_HASHLIMIT_HASH_SPT 0x0008 #define ipt_hashlimit_info xt_hashlimit_info struct hashlimit_cfg { u_int32_t mode; /* bitmask of IPT_HASHLIMIT_HASH_* */ u_int32_t avg; /* Average secs between packets * scale */ u_int32_t burst; /* Period multiplier for upper limit. */ /* user specified */ u_int32_t size; /* how many buckets */ u_int32_t max; /* max number of entries */ u_int32_t gc_interval; /* gc interval */ u_int32_t expire; /* when do entries expire? */ }; struct ipt_hashlimit_info { char name [IFNAMSIZ]; /* name */ struct hashlimit_cfg cfg; struct ipt_hashlimit_htable *hinfo; /* Used internally by the kernel */ union { void *ptr; struct ipt_hashlimit_info *master; } u; }; #endif /* _IPT_HASHLIMIT_H */ net/ipv4/netfilter/Kconfig +0 −14 Original line number Diff line number Diff line Loading 
@@ -326,20 +326,6 @@ config IP_NF_MATCH_ADDRTYPE If you want to compile it as a module, say M here and read <file:Documentation/modules.txt>. If unsure, say `N'. config IP_NF_MATCH_HASHLIMIT tristate 'hashlimit match support' depends on IP_NF_IPTABLES help This option adds a new iptables `hashlimit' match. As opposed to `limit', this match dynamically creates a hash table of limit buckets, based on your selection of source/destination ip addresses and/or ports. It enables you to express policies like `10kpps for any given destination IP' or `500pps from any given source IP' with a single IPtables rule. # `filter', generic and specific targets config IP_NF_FILTER tristate "Packet filtering" Loading net/ipv4/netfilter/Makefile +0 −1 Original line number Diff line number Diff line Loading @@ -53,7 +53,6 @@ obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o # matches obj-$(CONFIG_IP_NF_MATCH_HASHLIMIT) += ipt_hashlimit.o obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o Loading Loading
include/linux/netfilter/Kbuild +1 −0 @@ -14,6 +14,7 @@ header-y += xt_dscp.h header-y += xt_DSCP.h header-y += xt_esp.h header-y += xt_helper.h header-y += xt_hashlimit.h header-y += xt_length.h header-y += xt_limit.h header-y += xt_mac.h
include/linux/netfilter/xt_hashlimit.h 0 → 100644 +40 −0 Original line number Diff line number Diff line #ifndef _XT_HASHLIMIT_H #define _XT_HASHLIMIT_H /* timings are in milliseconds. */ #define XT_HASHLIMIT_SCALE 10000 /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 seconds, or one every 59 hours. */ /* details of this structure hidden by the implementation */ struct xt_hashlimit_htable; #define XT_HASHLIMIT_HASH_DIP 0x0001 #define XT_HASHLIMIT_HASH_DPT 0x0002 #define XT_HASHLIMIT_HASH_SIP 0x0004 #define XT_HASHLIMIT_HASH_SPT 0x0008 struct hashlimit_cfg { u_int32_t mode; /* bitmask of IPT_HASHLIMIT_HASH_* */ u_int32_t avg; /* Average secs between packets * scale */ u_int32_t burst; /* Period multiplier for upper limit. */ /* user specified */ u_int32_t size; /* how many buckets */ u_int32_t max; /* max number of entries */ u_int32_t gc_interval; /* gc interval */ u_int32_t expire; /* when do entries expire? */ }; struct xt_hashlimit_info { char name [IFNAMSIZ]; /* name */ struct hashlimit_cfg cfg; struct xt_hashlimit_htable *hinfo; /* Used internally by the kernel */ union { void *ptr; struct xt_hashlimit_info *master; } u; }; #endif /*_XT_HASHLIMIT_H*/
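Review bot: The new `struct xt_hashlimit_info` carries kernel-owned pointers (`hinfo`, `u.ptr`, `u.master`) inside a structure that userspace fills in and hands to the kernel, so the match's checkentry must overwrite `hinfo` unconditionally rather than trust the value it receives, and because the structure's size follows the pointer width a 32-bit iptables on a 64-bit kernel sees a different layout; how checkentry and any compat path deal with that is outside this diff. The header is exported through `header-y` yet is not self-contained: it uses `IFNAMSIZ` and `u_int32_t` with no include at all, so `#include <linux/types.h>` and `#include <linux/if.h>` belong at the top (exported kernel headers conventionally spell such fields `__u32`). Two comments are stale or contradictory after the move: `/* timings are in milliseconds. */` sits directly above a scale defined as 1/10,000 s, and `mode` is still documented as `/* bitmask of IPT_HASHLIMIT_HASH_* */` where it should read `/* bitmask of XT_HASHLIMIT_HASH_* */`. I would also mark the trust boundary explicitly, e.g. `/* hinfo and u are kernel-internal: ignored on input, set by the kernel */` above the `hinfo` field.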
include/linux/netfilter_ipv4/ipt_hashlimit.h +8 −34 Original line number Diff line number Diff line #ifndef _IPT_HASHLIMIT_H #define _IPT_HASHLIMIT_H /* timings are in milliseconds. */ #define IPT_HASHLIMIT_SCALE 10000 /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 seconds, or one every 59 hours. */ #include <linux/netfilter/xt_hashlimit.h> /* details of this structure hidden by the implementation */ struct ipt_hashlimit_htable; #define IPT_HASHLIMIT_SCALE XT_HASHLIMIT_SCALE #define IPT_HASHLIMIT_HASH_DIP XT_HASHLIMIT_HASH_DIP #define IPT_HASHLIMIT_HASH_DPT XT_HASHLIMIT_HASH_DPT #define IPT_HASHLIMIT_HASH_SIP XT_HASHLIMIT_HASH_SIP #define IPT_HASHLIMIT_HASH_SPT XT_HASHLIMIT_HASH_SPT #define IPT_HASHLIMIT_HASH_DIP 0x0001 #define IPT_HASHLIMIT_HASH_DPT 0x0002 #define IPT_HASHLIMIT_HASH_SIP 0x0004 #define IPT_HASHLIMIT_HASH_SPT 0x0008 #define ipt_hashlimit_info xt_hashlimit_info struct hashlimit_cfg { u_int32_t mode; /* bitmask of IPT_HASHLIMIT_HASH_* */ u_int32_t avg; /* Average secs between packets * scale */ u_int32_t burst; /* Period multiplier for upper limit. */ /* user specified */ u_int32_t size; /* how many buckets */ u_int32_t max; /* max number of entries */ u_int32_t gc_interval; /* gc interval */ u_int32_t expire; /* when do entries expire? */ }; struct ipt_hashlimit_info { char name [IFNAMSIZ]; /* name */ struct hashlimit_cfg cfg; struct ipt_hashlimit_htable *hinfo; /* Used internally by the kernel */ union { void *ptr; struct ipt_hashlimit_info *master; } u; }; #endif /* _IPT_HASHLIMIT_H */
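Review bot: The shim aliases a struct tag with `#define ipt_hashlimit_info xt_hashlimit_info`, which also rewrites every other identifier spelled `ipt_hashlimit_info` (variables, functions) in any translation unit that includes this header, and dropping the `struct ipt_hashlimit_htable;` forward declaration leaves that tag undefined, so code still naming the opaque table type no longer compiles; neither consequence is documented. A header comment would make the intent clear, e.g. `/* Compatibility shim: the match now lives in xt_hashlimit; include <linux/netfilter/xt_hashlimit.h> directly in new code. The struct alias is a macro and renames ipt_hashlimit_info wherever this header is included. */`. If any out-of-tree user of the old table tag remains, `#define ipt_hashlimit_htable xt_hashlimit_htable` beside the other compat defines would keep it building; I cannot tell from this diff whether one exists. The field layout of the aliased struct is identical to the removed one, so the userspace ABI for the match data itself is preserved.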
net/ipv4/netfilter/Kconfig +0 −14 Original line number Diff line number Diff line Loading @@ -326,20 +326,6 @@ config IP_NF_MATCH_ADDRTYPE If you want to compile it as a module, say M here and read <file:Documentation/modules.txt>. If unsure, say `N'. config IP_NF_MATCH_HASHLIMIT tristate 'hashlimit match support' depends on IP_NF_IPTABLES help This option adds a new iptables `hashlimit' match. As opposed to `limit', this match dynamically creates a hash table of limit buckets, based on your selection of source/destination ip addresses and/or ports. It enables you to express policies like `10kpps for any given destination IP' or `500pps from any given source IP' with a single IPtables rule. # `filter', generic and specific targets config IP_NF_FILTER tristate "Packet filtering" Loading
net/ipv4/netfilter/Makefile +0 −1 @@ -53,7 +53,6 @@ obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o # matches obj-$(CONFIG_IP_NF_MATCH_HASHLIMIT) += ipt_hashlimit.o obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o