diff options
| author | Patrick McHardy <kaber@trash.net> | 2006-11-28 20:35:36 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:31:31 -0500 |
| commit | 39b46fc6f0d1161a5585cd8af7b3a05e8118ab7e (patch) | |
| tree | 708126eec291a8f7105751c656fb50a6091ec97e /include | |
| parent | d7a5c32442ed3d528b9ddfd3d5b837bad0ffa9da (diff) | |
[NETFILTER]: x_tables: add port of hashlimit match for IPv4 and IPv6
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter/Kbuild | 1 | ||||
| -rw-r--r-- | include/linux/netfilter/xt_hashlimit.h | 40 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ipt_hashlimit.h | 42 |
3 files changed, 49 insertions, 34 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild index 312bd2ffee33..e379a2d89ea0 100644 --- a/include/linux/netfilter/Kbuild +++ b/include/linux/netfilter/Kbuild | |||
| @@ -14,6 +14,7 @@ header-y += xt_dscp.h | |||
| 14 | header-y += xt_DSCP.h | 14 | header-y += xt_DSCP.h |
| 15 | header-y += xt_esp.h | 15 | header-y += xt_esp.h |
| 16 | header-y += xt_helper.h | 16 | header-y += xt_helper.h |
| 17 | header-y += xt_hashlimit.h | ||
| 17 | header-y += xt_length.h | 18 | header-y += xt_length.h |
| 18 | header-y += xt_limit.h | 19 | header-y += xt_limit.h |
| 19 | header-y += xt_mac.h | 20 | header-y += xt_mac.h |
diff --git a/include/linux/netfilter/xt_hashlimit.h b/include/linux/netfilter/xt_hashlimit.h new file mode 100644 index 000000000000..b4556b8edbfd --- /dev/null +++ b/include/linux/netfilter/xt_hashlimit.h | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | #ifndef _XT_HASHLIMIT_H | ||
| 2 | #define _XT_HASHLIMIT_H | ||
| 3 | |||
| 4 | /* timings are in milliseconds. */ | ||
| 5 | #define XT_HASHLIMIT_SCALE 10000 | ||
| 6 | /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 | ||
| 7 | seconds, or one every 59 hours. */ | ||
| 8 | |||
| 9 | /* details of this structure hidden by the implementation */ | ||
| 10 | struct xt_hashlimit_htable; | ||
| 11 | |||
| 12 | #define XT_HASHLIMIT_HASH_DIP 0x0001 | ||
| 13 | #define XT_HASHLIMIT_HASH_DPT 0x0002 | ||
| 14 | #define XT_HASHLIMIT_HASH_SIP 0x0004 | ||
| 15 | #define XT_HASHLIMIT_HASH_SPT 0x0008 | ||
| 16 | |||
| 17 | struct hashlimit_cfg { | ||
| 18 | u_int32_t mode; /* bitmask of IPT_HASHLIMIT_HASH_* */ | ||
| 19 | u_int32_t avg; /* Average secs between packets * scale */ | ||
| 20 | u_int32_t burst; /* Period multiplier for upper limit. */ | ||
| 21 | |||
| 22 | /* user specified */ | ||
| 23 | u_int32_t size; /* how many buckets */ | ||
| 24 | u_int32_t max; /* max number of entries */ | ||
| 25 | u_int32_t gc_interval; /* gc interval */ | ||
| 26 | u_int32_t expire; /* when do entries expire? */ | ||
| 27 | }; | ||
| 28 | |||
| 29 | struct xt_hashlimit_info { | ||
| 30 | char name [IFNAMSIZ]; /* name */ | ||
| 31 | struct hashlimit_cfg cfg; | ||
| 32 | struct xt_hashlimit_htable *hinfo; | ||
| 33 | |||
| 34 | /* Used internally by the kernel */ | ||
| 35 | union { | ||
| 36 | void *ptr; | ||
| 37 | struct xt_hashlimit_info *master; | ||
| 38 | } u; | ||
| 39 | }; | ||
| 40 | #endif /*_XT_HASHLIMIT_H*/ | ||
diff --git a/include/linux/netfilter_ipv4/ipt_hashlimit.h b/include/linux/netfilter_ipv4/ipt_hashlimit.h index ac2cb64ecd76..5662120a3d7b 100644 --- a/include/linux/netfilter_ipv4/ipt_hashlimit.h +++ b/include/linux/netfilter_ipv4/ipt_hashlimit.h | |||
| @@ -1,40 +1,14 @@ | |||
| 1 | #ifndef _IPT_HASHLIMIT_H | 1 | #ifndef _IPT_HASHLIMIT_H |
| 2 | #define _IPT_HASHLIMIT_H | 2 | #define _IPT_HASHLIMIT_H |
| 3 | 3 | ||
| 4 | /* timings are in milliseconds. */ | 4 | #include <linux/netfilter/xt_hashlimit.h> |
| 5 | #define IPT_HASHLIMIT_SCALE 10000 | ||
| 6 | /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 | ||
| 7 | seconds, or one every 59 hours. */ | ||
| 8 | 5 | ||
| 9 | /* details of this structure hidden by the implementation */ | 6 | #define IPT_HASHLIMIT_SCALE XT_HASHLIMIT_SCALE |
| 10 | struct ipt_hashlimit_htable; | 7 | #define IPT_HASHLIMIT_HASH_DIP XT_HASHLIMIT_HASH_DIP |
| 8 | #define IPT_HASHLIMIT_HASH_DPT XT_HASHLIMIT_HASH_DPT | ||
| 9 | #define IPT_HASHLIMIT_HASH_SIP XT_HASHLIMIT_HASH_SIP | ||
| 10 | #define IPT_HASHLIMIT_HASH_SPT XT_HASHLIMIT_HASH_SPT | ||
| 11 | 11 | ||
| 12 | #define IPT_HASHLIMIT_HASH_DIP 0x0001 | 12 | #define ipt_hashlimit_info xt_hashlimit_info |
| 13 | #define IPT_HASHLIMIT_HASH_DPT 0x0002 | ||
| 14 | #define IPT_HASHLIMIT_HASH_SIP 0x0004 | ||
| 15 | #define IPT_HASHLIMIT_HASH_SPT 0x0008 | ||
| 16 | 13 | ||
| 17 | struct hashlimit_cfg { | 14 | #endif /* _IPT_HASHLIMIT_H */ |
| 18 | u_int32_t mode; /* bitmask of IPT_HASHLIMIT_HASH_* */ | ||
| 19 | u_int32_t avg; /* Average secs between packets * scale */ | ||
| 20 | u_int32_t burst; /* Period multiplier for upper limit. */ | ||
| 21 | |||
| 22 | /* user specified */ | ||
| 23 | u_int32_t size; /* how many buckets */ | ||
| 24 | u_int32_t max; /* max number of entries */ | ||
| 25 | u_int32_t gc_interval; /* gc interval */ | ||
| 26 | u_int32_t expire; /* when do entries expire? */ | ||
| 27 | }; | ||
| 28 | |||
| 29 | struct ipt_hashlimit_info { | ||
| 30 | char name [IFNAMSIZ]; /* name */ | ||
| 31 | struct hashlimit_cfg cfg; | ||
| 32 | struct ipt_hashlimit_htable *hinfo; | ||
| 33 | |||
| 34 | /* Used internally by the kernel */ | ||
| 35 | union { | ||
| 36 | void *ptr; | ||
| 37 | struct ipt_hashlimit_info *master; | ||
| 38 | } u; | ||
| 39 | }; | ||
| 40 | #endif /*_IPT_HASHLIMIT_H*/ | ||