From b259d1aca0db1bed5af3e4fe378f8aeb4d3ce645 Mon Sep 17 00:00:00 2001
From: Phil Oester <kernel@linuxace.com>
Date: Sat, 5 Oct 2013 09:44:56 -0700
Subject: src: operational limit match

The nft limit match currently does not work at all.  Below patches to nftables,
libnftables, and kernel address the issue.  A few notes on the implementation:

- Removed support for nano/micro/milli second limits.  These seem pointless,
  given we are using jiffies in the limit match, not a hpet.  And who really
  needs to limit items down to sub-second level??

- 'depth' member is removed as unnecessary.  All we need in the kernel is the
  rate and the unit.

- 'stamp' member becomes the time we need to next refresh the token bucket,
  instead of being updated on every packet which goes through the match.

This closes netfilter bugzilla #827, reported by Eric Leblond.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/statement.h | 1 -
 1 file changed, 1 deletion(-)

(limited to 'include/statement.h')

diff --git a/include/statement.h b/include/statement.h
index 53702317..6ecbb18d 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -41,7 +41,6 @@ extern struct stmt *log_stmt_alloc(const struct location *loc);
 struct limit_stmt {
 	uint64_t		rate;
 	uint64_t		unit;
-	uint64_t		depth;
 };
 
 extern struct stmt *limit_stmt_alloc(const struct location *loc);
-- 
cgit v1.2.3