diff options
| author | Vishwanath Pai <vpai@akamai.com> | 2016-09-22 12:42:46 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-25 08:54:05 -0400 |
| commit | 0dc60a4546fefc6dc9f54abf60beeeb3501726fa (patch) | |
| tree | ed787c9675164f4460896c5dcf153ec8ccdc0834 /net | |
| parent | 7bfdde7045ad54d9fdccac70baffd094d9de73f8 (diff) | |
netfilter: xt_hashlimit: Prepare for revision 2
I am planning to add a revision 2 for the hashlimit xtables module to
support higher packets per second rates. This patch renames all the
functions and variables related to revision 1 by adding _v1 at the
end of the names.
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/xt_hashlimit.c | 61 |
1 files changed, 31 insertions, 30 deletions
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 178696852bde..e93d9e0a3f35 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c | |||
| @@ -56,7 +56,7 @@ static inline struct hashlimit_net *hashlimit_pernet(struct net *net) | |||
| 56 | } | 56 | } |
| 57 | 57 | ||
| 58 | /* need to declare this at the top */ | 58 | /* need to declare this at the top */ |
| 59 | static const struct file_operations dl_file_ops; | 59 | static const struct file_operations dl_file_ops_v1; |
| 60 | 60 | ||
| 61 | /* hash table crap */ | 61 | /* hash table crap */ |
| 62 | struct dsthash_dst { | 62 | struct dsthash_dst { |
| @@ -215,8 +215,8 @@ dsthash_free(struct xt_hashlimit_htable *ht, struct dsthash_ent *ent) | |||
| 215 | } | 215 | } |
| 216 | static void htable_gc(struct work_struct *work); | 216 | static void htable_gc(struct work_struct *work); |
| 217 | 217 | ||
| 218 | static int htable_create(struct net *net, struct xt_hashlimit_mtinfo1 *minfo, | 218 | static int htable_create_v1(struct net *net, struct xt_hashlimit_mtinfo1 *minfo, |
| 219 | u_int8_t family) | 219 | u_int8_t family) |
| 220 | { | 220 | { |
| 221 | struct hashlimit_net *hashlimit_net = hashlimit_pernet(net); | 221 | struct hashlimit_net *hashlimit_net = hashlimit_pernet(net); |
| 222 | struct xt_hashlimit_htable *hinfo; | 222 | struct xt_hashlimit_htable *hinfo; |
| @@ -265,7 +265,7 @@ static int htable_create(struct net *net, struct xt_hashlimit_mtinfo1 *minfo, | |||
| 265 | hinfo->pde = proc_create_data(minfo->name, 0, | 265 | hinfo->pde = proc_create_data(minfo->name, 0, |
| 266 | (family == NFPROTO_IPV4) ? | 266 | (family == NFPROTO_IPV4) ? |
| 267 | hashlimit_net->ipt_hashlimit : hashlimit_net->ip6t_hashlimit, | 267 | hashlimit_net->ipt_hashlimit : hashlimit_net->ip6t_hashlimit, |
| 268 | &dl_file_ops, hinfo); | 268 | &dl_file_ops_v1, hinfo); |
| 269 | if (hinfo->pde == NULL) { | 269 | if (hinfo->pde == NULL) { |
| 270 | kfree(hinfo->name); | 270 | kfree(hinfo->name); |
| 271 | vfree(hinfo); | 271 | vfree(hinfo); |
| @@ -398,7 +398,7 @@ static void htable_put(struct xt_hashlimit_htable *hinfo) | |||
| 398 | (slowest userspace tool allows), which means | 398 | (slowest userspace tool allows), which means |
| 399 | CREDITS_PER_JIFFY*HZ*60*60*24 < 2^32 ie. | 399 | CREDITS_PER_JIFFY*HZ*60*60*24 < 2^32 ie. |
| 400 | */ | 400 | */ |
| 401 | #define MAX_CPJ (0xFFFFFFFF / (HZ*60*60*24)) | 401 | #define MAX_CPJ_v1 (0xFFFFFFFF / (HZ*60*60*24)) |
| 402 | 402 | ||
| 403 | /* Repeated shift and or gives us all 1s, final shift and add 1 gives | 403 | /* Repeated shift and or gives us all 1s, final shift and add 1 gives |
| 404 | * us the power of 2 below the theoretical max, so GCC simply does a | 404 | * us the power of 2 below the theoretical max, so GCC simply does a |
| @@ -410,7 +410,7 @@ static void htable_put(struct xt_hashlimit_htable *hinfo) | |||
| 410 | #define _POW2_BELOW32(x) (_POW2_BELOW16(x)|_POW2_BELOW16((x)>>16)) | 410 | #define _POW2_BELOW32(x) (_POW2_BELOW16(x)|_POW2_BELOW16((x)>>16)) |
| 411 | #define POW2_BELOW32(x) ((_POW2_BELOW32(x)>>1) + 1) | 411 | #define POW2_BELOW32(x) ((_POW2_BELOW32(x)>>1) + 1) |
| 412 | 412 | ||
| 413 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) | 413 | #define CREDITS_PER_JIFFY_v1 POW2_BELOW32(MAX_CPJ_v1) |
| 414 | 414 | ||
| 415 | /* in byte mode, the lowest possible rate is one packet/second. | 415 | /* in byte mode, the lowest possible rate is one packet/second. |
| 416 | * credit_cap is used as a counter that tells us how many times we can | 416 | * credit_cap is used as a counter that tells us how many times we can |
| @@ -428,11 +428,12 @@ static u32 xt_hashlimit_len_to_chunks(u32 len) | |||
| 428 | static u32 user2credits(u32 user) | 428 | static u32 user2credits(u32 user) |
| 429 | { | 429 | { |
| 430 | /* If multiplying would overflow... */ | 430 | /* If multiplying would overflow... */ |
| 431 | if (user > 0xFFFFFFFF / (HZ*CREDITS_PER_JIFFY)) | 431 | if (user > 0xFFFFFFFF / (HZ*CREDITS_PER_JIFFY_v1)) |
| 432 | /* Divide first. */ | 432 | /* Divide first. */ |
| 433 | return (user / XT_HASHLIMIT_SCALE) * HZ * CREDITS_PER_JIFFY; | 433 | return (user / XT_HASHLIMIT_SCALE) *\ |
| 434 | HZ * CREDITS_PER_JIFFY_v1; | ||
| 434 | 435 | ||
| 435 | return (user * HZ * CREDITS_PER_JIFFY) / XT_HASHLIMIT_SCALE; | 436 | return (user * HZ * CREDITS_PER_JIFFY_v1) / XT_HASHLIMIT_SCALE; |
| 436 | } | 437 | } |
| 437 | 438 | ||
| 438 | static u32 user2credits_byte(u32 user) | 439 | static u32 user2credits_byte(u32 user) |
| @@ -461,7 +462,7 @@ static void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now, u32 mode) | |||
| 461 | return; | 462 | return; |
| 462 | } | 463 | } |
| 463 | } else { | 464 | } else { |
| 464 | dh->rateinfo.credit += delta * CREDITS_PER_JIFFY; | 465 | dh->rateinfo.credit += delta * CREDITS_PER_JIFFY_v1; |
| 465 | cap = dh->rateinfo.credit_cap; | 466 | cap = dh->rateinfo.credit_cap; |
| 466 | } | 467 | } |
| 467 | if (dh->rateinfo.credit > cap) | 468 | if (dh->rateinfo.credit > cap) |
| @@ -603,7 +604,7 @@ static u32 hashlimit_byte_cost(unsigned int len, struct dsthash_ent *dh) | |||
| 603 | } | 604 | } |
| 604 | 605 | ||
| 605 | static bool | 606 | static bool |
| 606 | hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par) | 607 | hashlimit_mt_v1(const struct sk_buff *skb, struct xt_action_param *par) |
| 607 | { | 608 | { |
| 608 | const struct xt_hashlimit_mtinfo1 *info = par->matchinfo; | 609 | const struct xt_hashlimit_mtinfo1 *info = par->matchinfo; |
| 609 | struct xt_hashlimit_htable *hinfo = info->hinfo; | 610 | struct xt_hashlimit_htable *hinfo = info->hinfo; |
| @@ -660,7 +661,7 @@ hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par) | |||
| 660 | return false; | 661 | return false; |
| 661 | } | 662 | } |
| 662 | 663 | ||
| 663 | static int hashlimit_mt_check(const struct xt_mtchk_param *par) | 664 | static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par) |
| 664 | { | 665 | { |
| 665 | struct net *net = par->net; | 666 | struct net *net = par->net; |
| 666 | struct xt_hashlimit_mtinfo1 *info = par->matchinfo; | 667 | struct xt_hashlimit_mtinfo1 *info = par->matchinfo; |
| @@ -701,7 +702,7 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par) | |||
| 701 | mutex_lock(&hashlimit_mutex); | 702 | mutex_lock(&hashlimit_mutex); |
| 702 | info->hinfo = htable_find_get(net, info->name, par->family); | 703 | info->hinfo = htable_find_get(net, info->name, par->family); |
| 703 | if (info->hinfo == NULL) { | 704 | if (info->hinfo == NULL) { |
| 704 | ret = htable_create(net, info, par->family); | 705 | ret = htable_create_v1(net, info, par->family); |
| 705 | if (ret < 0) { | 706 | if (ret < 0) { |
| 706 | mutex_unlock(&hashlimit_mutex); | 707 | mutex_unlock(&hashlimit_mutex); |
| 707 | return ret; | 708 | return ret; |
| @@ -711,7 +712,7 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par) | |||
| 711 | return 0; | 712 | return 0; |
| 712 | } | 713 | } |
| 713 | 714 | ||
| 714 | static void hashlimit_mt_destroy(const struct xt_mtdtor_param *par) | 715 | static void hashlimit_mt_destroy_v1(const struct xt_mtdtor_param *par) |
| 715 | { | 716 | { |
| 716 | const struct xt_hashlimit_mtinfo1 *info = par->matchinfo; | 717 | const struct xt_hashlimit_mtinfo1 *info = par->matchinfo; |
| 717 | 718 | ||
| @@ -723,10 +724,10 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { | |||
| 723 | .name = "hashlimit", | 724 | .name = "hashlimit", |
| 724 | .revision = 1, | 725 | .revision = 1, |
| 725 | .family = NFPROTO_IPV4, | 726 | .family = NFPROTO_IPV4, |
| 726 | .match = hashlimit_mt, | 727 | .match = hashlimit_mt_v1, |
| 727 | .matchsize = sizeof(struct xt_hashlimit_mtinfo1), | 728 | .matchsize = sizeof(struct xt_hashlimit_mtinfo1), |
| 728 | .checkentry = hashlimit_mt_check, | 729 | .checkentry = hashlimit_mt_check_v1, |
| 729 | .destroy = hashlimit_mt_destroy, | 730 | .destroy = hashlimit_mt_destroy_v1, |
| 730 | .me = THIS_MODULE, | 731 | .me = THIS_MODULE, |
| 731 | }, | 732 | }, |
| 732 | #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) | 733 | #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) |
| @@ -734,10 +735,10 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { | |||
| 734 | .name = "hashlimit", | 735 | .name = "hashlimit", |
| 735 | .revision = 1, | 736 | .revision = 1, |
| 736 | .family = NFPROTO_IPV6, | 737 | .family = NFPROTO_IPV6, |
| 737 | .match = hashlimit_mt, | 738 | .match = hashlimit_mt_v1, |
| 738 | .matchsize = sizeof(struct xt_hashlimit_mtinfo1), | 739 | .matchsize = sizeof(struct xt_hashlimit_mtinfo1), |
| 739 | .checkentry = hashlimit_mt_check, | 740 | .checkentry = hashlimit_mt_check_v1, |
| 740 | .destroy = hashlimit_mt_destroy, | 741 | .destroy = hashlimit_mt_destroy_v1, |
| 741 | .me = THIS_MODULE, | 742 | .me = THIS_MODULE, |
| 742 | }, | 743 | }, |
| 743 | #endif | 744 | #endif |
| @@ -786,8 +787,8 @@ static void dl_seq_stop(struct seq_file *s, void *v) | |||
| 786 | spin_unlock_bh(&htable->lock); | 787 | spin_unlock_bh(&htable->lock); |
| 787 | } | 788 | } |
| 788 | 789 | ||
| 789 | static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family, | 790 | static int dl_seq_real_show_v1(struct dsthash_ent *ent, u_int8_t family, |
| 790 | struct seq_file *s) | 791 | struct seq_file *s) |
| 791 | { | 792 | { |
| 792 | const struct xt_hashlimit_htable *ht = s->private; | 793 | const struct xt_hashlimit_htable *ht = s->private; |
| 793 | 794 | ||
| @@ -825,7 +826,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family, | |||
| 825 | return seq_has_overflowed(s); | 826 | return seq_has_overflowed(s); |
| 826 | } | 827 | } |
| 827 | 828 | ||
| 828 | static int dl_seq_show(struct seq_file *s, void *v) | 829 | static int dl_seq_show_v1(struct seq_file *s, void *v) |
| 829 | { | 830 | { |
| 830 | struct xt_hashlimit_htable *htable = s->private; | 831 | struct xt_hashlimit_htable *htable = s->private; |
| 831 | unsigned int *bucket = (unsigned int *)v; | 832 | unsigned int *bucket = (unsigned int *)v; |
| @@ -833,22 +834,22 @@ static int dl_seq_show(struct seq_file *s, void *v) | |||
| 833 | 834 | ||
| 834 | if (!hlist_empty(&htable->hash[*bucket])) { | 835 | if (!hlist_empty(&htable->hash[*bucket])) { |
| 835 | hlist_for_each_entry(ent, &htable->hash[*bucket], node) | 836 | hlist_for_each_entry(ent, &htable->hash[*bucket], node) |
| 836 | if (dl_seq_real_show(ent, htable->family, s)) | 837 | if (dl_seq_real_show_v1(ent, htable->family, s)) |
| 837 | return -1; | 838 | return -1; |
| 838 | } | 839 | } |
| 839 | return 0; | 840 | return 0; |
| 840 | } | 841 | } |
| 841 | 842 | ||
| 842 | static const struct seq_operations dl_seq_ops = { | 843 | static const struct seq_operations dl_seq_ops_v1 = { |
| 843 | .start = dl_seq_start, | 844 | .start = dl_seq_start, |
| 844 | .next = dl_seq_next, | 845 | .next = dl_seq_next, |
| 845 | .stop = dl_seq_stop, | 846 | .stop = dl_seq_stop, |
| 846 | .show = dl_seq_show | 847 | .show = dl_seq_show_v1 |
| 847 | }; | 848 | }; |
| 848 | 849 | ||
| 849 | static int dl_proc_open(struct inode *inode, struct file *file) | 850 | static int dl_proc_open_v1(struct inode *inode, struct file *file) |
| 850 | { | 851 | { |
| 851 | int ret = seq_open(file, &dl_seq_ops); | 852 | int ret = seq_open(file, &dl_seq_ops_v1); |
| 852 | 853 | ||
| 853 | if (!ret) { | 854 | if (!ret) { |
| 854 | struct seq_file *sf = file->private_data; | 855 | struct seq_file *sf = file->private_data; |
| @@ -857,9 +858,9 @@ static int dl_proc_open(struct inode *inode, struct file *file) | |||
| 857 | return ret; | 858 | return ret; |
| 858 | } | 859 | } |
| 859 | 860 | ||
| 860 | static const struct file_operations dl_file_ops = { | 861 | static const struct file_operations dl_file_ops_v1 = { |
| 861 | .owner = THIS_MODULE, | 862 | .owner = THIS_MODULE, |
| 862 | .open = dl_proc_open, | 863 | .open = dl_proc_open_v1, |
| 863 | .read = seq_read, | 864 | .read = seq_read, |
| 864 | .llseek = seq_lseek, | 865 | .llseek = seq_lseek, |
| 865 | .release = seq_release | 866 | .release = seq_release |