diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-22 15:11:02 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-22 15:11:18 +0200 |
commit | cc9d2851135901d11e21b1a0332e83119124d083 (patch) | |
tree | 36499937d00d3e5e6c3041eb95a398419046785e | |
parent | e91ea14da66759c71d5c2a581b82c2508a02f60a (diff) |
expr: limit: avoid huge rodata array
commit 10e0890e ('src: operational limit match') creates huge
array, increasing libnftables binary size. Use switch statement
instead.
Based on patch from Florian Westphal, for nft.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/expr/limit.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/expr/limit.c b/src/expr/limit.c index 9718171..ef76418 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -164,23 +164,28 @@ static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, mxml_node_t *t #endif } +static const char *get_unit(uint64_t u) +{ + switch (u) { + case 1: return "seconds"; + case 60: return "minute"; + case 60 * 60: return "hour"; + case 60 * 60 * 24: return "day"; + case 60 * 60 * 24 * 7: return "week"; + } + return "error"; +} + static int nft_rule_expr_limit_snprintf(char *buf, size_t len, uint32_t type, uint32_t flags, struct nft_rule_expr *e) { struct nft_expr_limit *limit = nft_expr_data(e); - static const char *units[] = { - [1] = "second", - [1 * 60] = "minute", - [1 * 60 * 60] = "hour", - [1 * 60 * 60 * 24] = "day", - [1 * 60 * 60 * 24 * 7] = "week", - }; switch(type) { case NFT_RULE_O_DEFAULT: return snprintf(buf, len, "rate %"PRIu64"/%s ", - limit->rate, units[limit->unit]); + limit->rate, get_unit(limit->unit)); case NFT_RULE_O_XML: return snprintf(buf, len, "<rate>%"PRIu64"</rate>" "<unit>%"PRIu64"</unit>", |