netfilter: xt_hashlimit: Create revision 2 to support higher pps rates
Create a new revision for the hashlimit iptables extension module. Rev 2
will support higher pps of up to 1 million, Version 1 supports only 10k.

To support this we have to increase the size of the variables avg and
burst in hashlimit_cfg to 64-bit. Create two new structs hashlimit_cfg2
and xt_hashlimit_mtinfo2 and also create newer versions of all the
functions for match, checkentry and destroy.

Some of the functions like hashlimit_mt, hashlimit_mt_check etc are very
similar in both rev1 and rev2 with only minor changes, so I have split
those functions and moved all the common code to a *_common function.

Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Vishwanath Pai authored and Pablo Neira Ayuso committed Sep 25, 2016
1 parent 0dc60a4 commit 11d5f15
Showing 2 changed files with 285 additions and 68 deletions.
23 changes: 23 additions & 0 deletions include/uapi/linux/netfilter/xt_hashlimit.h
Expand Up @@ -6,6 +6,7 @@

/* timings are in milliseconds. */
#define XT_HASHLIMIT_SCALE 10000
#define XT_HASHLIMIT_SCALE_v2 1000000llu
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
* seconds, or one packet every 59 hours.
*/
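Review bot: XT_HASHLIMIT_SCALE_v2 is inserted between XT_HASHLIMIT_SCALE and the comment that explains it, so the "1/10,000 sec period => max of 10,000/sec" block now sits directly under the 1000000llu define while still describing only the rev 1 scale. Move the new define below that comment and give it its own comment stating the rev 2 period and the resulting maximum and minimum rates. The lower-case _v2 suffix is also inconsistent with the other macro names visible in this header, which are all upper case.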
Expand Down Expand Up @@ -63,6 +64,20 @@ struct hashlimit_cfg1 {
__u8 srcmask, dstmask;
};

struct hashlimit_cfg2 {
__u64 avg; /* Average secs between packets * scale */
__u64 burst; /* Period multiplier for upper limit. */
__u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */

/* user specified */
__u32 size; /* how many buckets */
__u32 max; /* max number of entries */
__u32 gc_interval; /* gc interval */
__u32 expire; /* when do entries expire? */

__u8 srcmask, dstmask;
};

struct xt_hashlimit_mtinfo1 {
char name[IFNAMSIZ];
struct hashlimit_cfg1 cfg;
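Review bot: the comment on avg in hashlimit_cfg2, "Average secs between packets * scale", does not say which scale applies now that the header defines both XT_HASHLIMIT_SCALE and XT_HASHLIMIT_SCALE_v2; name the constant in the comment so userspace fills the field in the right units. Separately, the members add up to 38 bytes (two __u64, five __u32, two __u8), so this uapi struct ends in implicit padding after dstmask; an explicit reserved field, or at least a comment, would spell out the layout that kernel and userspace share.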
Expand All @@ -71,4 +86,12 @@ struct xt_hashlimit_mtinfo1 {
struct xt_hashlimit_htable *hinfo __attribute__((aligned(8)));
};

struct xt_hashlimit_mtinfo2 {
char name[NAME_MAX];
struct hashlimit_cfg2 cfg;

/* Used internally by the kernel */
struct xt_hashlimit_htable *hinfo __attribute__((aligned(8)));
};

#endif /* _UAPI_XT_HASHLIMIT_H */
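Review bot: name in xt_hashlimit_mtinfo2 is sized with NAME_MAX where xt_hashlimit_mtinfo1 uses IFNAMSIZ, but none of the 23 lines added to this header is an #include, so the constant has to come from whatever the file already pulls in, which is not visible here. Since this is a uapi header that userspace compiles on its own, include the header that defines NAME_MAX (linux/limits.h) explicitly. The commit message also does not mention the longer name field, which changes the size of the structure userspace passes in; that deserves a line there.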