authorJan Engelhardt <jengelh@medozas.de>2011-08-21 13:04:38 +0200
committerJan Engelhardt <jengelh@medozas.de>2011-08-21 13:04:40 +0200
commit4a56bcbd49ef20a0203017c15ab1cec9bb140d1a (patch)
treebfadf01688e58444505fc8f5dd5309ee704392bd
parent7e42bda9330afe717561c47a02a3f58c8ee1a246 (diff)
libxt_hashlimit: observe new default gc-expire time when saving
For some time now, --htable-gc-expire has defaulted to the chosen time quantum instead of a fixed 10 seconds, which causes the expiry value to always be printed, even though it is redundant. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r--extensions/libxt_hashlimit.c33
-rw-r--r--tests/options-most.rules1
2 files changed, 21 insertions, 13 deletions
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index eb52b169..da34cb22 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -23,7 +23,6 @@
/* miliseconds */
#define XT_HASHLIMIT_GCINTERVAL 1000
-#define XT_HASHLIMIT_EXPIRE 10000
struct hashlimit_mt_udata {
uint32_t mult;
@@ -187,7 +186,6 @@ static void hashlimit_init(struct xt_entry_match *m)
r->cfg.burst = XT_HASHLIMIT_BURST;
r->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- r->cfg.expire = XT_HASHLIMIT_EXPIRE;
}
@@ -198,7 +196,6 @@ static void hashlimit_mt4_init(struct xt_entry_match *match)
info->cfg.mode = 0;
info->cfg.burst = XT_HASHLIMIT_BURST;
info->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- info->cfg.expire = XT_HASHLIMIT_EXPIRE;
info->cfg.srcmask = 32;
info->cfg.dstmask = 32;
}
@@ -210,7 +207,6 @@ static void hashlimit_mt6_init(struct xt_entry_match *match)
info->cfg.mode = 0;
info->cfg.burst = XT_HASHLIMIT_BURST;
info->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- info->cfg.expire = XT_HASHLIMIT_EXPIRE;
info->cfg.srcmask = 128;
info->cfg.dstmask = 128;
}
@@ -330,7 +326,7 @@ static const struct rates
{ "min", XT_HASHLIMIT_SCALE*60 },
{ "sec", XT_HASHLIMIT_SCALE } };
-static void print_rate(uint32_t period)
+static uint32_t print_rate(uint32_t period)
{
unsigned int i;
@@ -340,6 +336,8 @@ static void print_rate(uint32_t period)
break;
printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
+ /* return in msec */
+ return rates[i-1].mult / XT_HASHLIMIT_SCALE * 1000;
}
static void print_mode(unsigned int mode, char separator)
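Review bot: print_rate() now both prints and returns a value that four callers compare against `cfg.expire`, yet its only documentation is the inline `/* return in msec */`. The returned number is the length of the unit picked for display (`rates[i-1]`), not a value derived directly from `period`, and that is worth stating where the signature is declared (in the previous hunk). I would add a header comment there, for example `/* Print the rate as N/unit and return the length of that unit in msec. */`. The loop that selects `i` starts outside this hunk.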
@@ -374,7 +372,10 @@ static void hashlimit_print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
- fputs(" limit: avg", stdout); print_rate(r->cfg.avg);
+ uint32_t quantum;
+
+ fputs(" limit: avg", stdout);
+ quantum = print_rate(r->cfg.avg);
printf(" burst %u", r->cfg.burst);
fputs(" mode", stdout);
print_mode(r->cfg.mode, '-');
@@ -384,18 +385,20 @@ static void hashlimit_print(const void *ip,
printf(" htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" htable-gcinterval %u", r->cfg.gc_interval);
- if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (r->cfg.expire != quantum)
printf(" htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
+ uint32_t quantum;
+
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
fputs(" limit: above", stdout);
else
fputs(" limit: up to", stdout);
- print_rate(info->cfg.avg);
+ quantum = print_rate(info->cfg.avg);
printf(" burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
@@ -408,7 +411,7 @@ hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
printf(" htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" htable-gcinterval %u", info->cfg.gc_interval);
- if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (info->cfg.expire != quantum)
printf(" htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
@@ -438,8 +441,10 @@ hashlimit_mt6_print(const void *ip, const struct xt_entry_match *match,
static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
+ uint32_t quantum;
- fputs(" --hashlimit", stdout); print_rate(r->cfg.avg);
+ fputs(" --hashlimit", stdout);
+ quantum = print_rate(r->cfg.avg);
printf(" --hashlimit-burst %u", r->cfg.burst);
fputs(" --hashlimit-mode", stdout);
@@ -453,18 +458,20 @@ static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
printf(" --hashlimit-htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" --hashlimit-htable-gcinterval %u", r->cfg.gc_interval);
- if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (r->cfg.expire != quantum)
printf(" --hashlimit-htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
+ uint32_t quantum;
+
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
fputs(" --hashlimit-above", stdout);
else
fputs(" --hashlimit-upto", stdout);
- print_rate(info->cfg.avg);
+ quantum = print_rate(info->cfg.avg);
printf(" --hashlimit-burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
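Review bot: Omitting `--hashlimit-htable-expire` when `r->cfg.expire == quantum` is lossless only if the parser's default expiry is computed from the same unit that print_rate() chooses for output, and that parser code is not part of this diff. If the two ever diverge, iptables-save output would restore the rule with a different entry lifetime from the running one, silently changing how long per-flow rate-limit state is kept. A comment at the comparison would make the dependency explicit, e.g. `/* default expire is the printed rate unit in msec; keep in sync with the option parser */`. The same applies to `info->cfg.expire != quantum` in hashlimit_mt_save() in the next hunk and to the two print functions above. Both function bodies here continue outside the hunk.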
@@ -481,7 +488,7 @@ hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
printf(" --hashlimit-htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" --hashlimit-htable-gcinterval %u", info->cfg.gc_interval);
- if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (info->cfg.expire != quantum)
printf(" --hashlimit-htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
diff --git a/tests/options-most.rules b/tests/options-most.rules
index 0e876e65..e54eb127 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -92,6 +92,7 @@
-A matches
-A matches -p esp -m esp --espspi 5:4294967295
-A matches
+-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1 --hashlimit-htable-expire 2000
-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1
-A matches -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-name mini2
-A matches -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 1 --hashlimit-name mini3
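Review bot: The added rule reuses `--hashlimit-name mini1`, which the following rule already uses with the default expiry. As far as I know the kernel looks hash tables up by name, so when both rules are loaded the second one would attach to the table created by the first and the differing expire values would not both take effect. That does not break a save/restore comparison, but a distinct name (for instance `--hashlimit-name mini1e`, constructed here) would keep the test case unambiguous.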