| author | Vishwanath Pai <vpai@akamai.com> | 2016-09-22 12:43:44 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-25 08:54:06 -0400 |
| commit | 11d5f15723c9f39d7c131d0149d024c17dbef676 (patch) | |
| tree | 25daeeeaca4387aff480c28548039adb60c21d8f /include/uapi/linux | |
| parent | 0dc60a4546fefc6dc9f54abf60beeeb3501726fa (diff) | |
netfilter: xt_hashlimit: Create revision 2 to support higher pps rates
Create a new revision for the hashlimit iptables extension module. Rev 2
will support higher pps of up to 1 million; Version 1 supports only 10k.
To support this we have to increase the size of the variables avg and
burst in hashlimit_cfg to 64-bit. Create two new structs hashlimit_cfg2
and xt_hashlimit_mtinfo2 and also create newer versions of all the
functions for match, checkentry and destroy.
Some of the functions like hashlimit_mt, hashlimit_mt_check etc are very
similar in both rev1 and rev2 with only minor changes, so I have split
those functions and moved all the common code to a *_common function.
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/uapi/linux')
| -rw-r--r-- | include/uapi/linux/netfilter/xt_hashlimit.h | 23 |
1 files changed, 23 insertions, 0 deletions
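diff --git a/include/uapi/linux/netfilter/xt_hashlimit.h b/include/uapi/linux/netfilter/xt_hashlimit.h
index 6db90372f09c..3efc0ca18345 100644
--- a/include/uapi/linux/netfilter/xt_hashlimit.h
+++ b/include/uapi/linux/netfilter/xt_hashlimit.h
@@ -6,6 +6,7 @@
 
 /* timings are in milliseconds. */
 #define XT_HASHLIMIT_SCALE 10000
+#define XT_HASHLIMIT_SCALE_v2 1000000llu
 /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
 * seconds, or one packet every 59 hours.
 */
@@ -63,6 +64,20 @@ struct hashlimit_cfg1 {
 __u8 srcmask, dstmask;
 };
 
+struct hashlimit_cfg2 {
+__u64 avg; /* Average secs between packets * scale */
+__u64 burst; /* Period multiplier for upper limit. */
+__u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
+
+/* user specified */
+__u32 size; /* how many buckets */
+__u32 max; /* max number of entries */
+__u32 gc_interval; /* gc interval */
+__u32 expire; /* when do entries expire? */
+
+__u8 srcmask, dstmask;
+};
+
 struct xt_hashlimit_mtinfo1 {
 char name[IFNAMSIZ];
 struct hashlimit_cfg1 cfg;
@@ -71,4 +86,12 @@ struct xt_hashlimit_mtinfo1 {
 struct xt_hashlimit_htable *hinfo __attribute__((aligned(8)));
 };
 
+struct xt_hashlimit_mtinfo2 {
+char name[NAME_MAX];
+struct hashlimit_cfg2 cfg;
+
+/* Used internally by the kernel */
+struct xt_hashlimit_htable *hinfo __attribute__((aligned(8)));
+};
+
 #endif /* _UAPI_XT_HASHLIMIT_H */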
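Review bot: `struct xt_hashlimit_mtinfo2` sizes `name` with `NAME_MAX`, but none of the visible hunks adds an include that defines it, so userspace that includes this UAPI header on its own may fail to compile. The header's include block lies above the first hunk and is not shown; if it does not already pull in the definition, add `#include <linux/limits.h>`. Because `name` is a 255-byte buffer filled by userspace with no length field, the rev 2 checkentry path (in the .c file, not on this page) should reject a buffer whose last byte is not NUL before treating it as a string. Both new structs also appear to carry implicit padding on common ABIs (two bytes after `dstmask`, one after `name`), so a comment such as `/* 2 bytes of tail padding follow; layout is ABI */` or explicit pad members would document the rule-blob layout.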
