redesign of dstlimit match
A couple of weeks ago I first published the dstlimit match. It provides an easy way of rate-limiting certain packets on a 'per destination IP' or 'per destination IP/port' tuple basis.
However, it turned out that it had several flaws. One of them was that you could create two /proc/net/dstlimit/ files with the same name. proc-fs doesn't actually check whether a file already exists when you create it (from within the kernel). Several hours of research within the VFS (of which I have no idea) and conversations with some other kernel developers revealed that there is no reliable way to check if a specific file already exists. Even if there were, you would never be able to check and create atomically.
So in the end I had to implement some major changes in the dstlimit code. However, this again changed the kernel/userspace structure layout, so you will have to recompile both in order to use it.