From 85b794373f9f914a8fc2f015dd9013d91fe7404e Mon Sep 17 00:00:00 2001 From: Vishwanath Pai Date: Mon, 26 Sep 2016 15:08:52 -0400 Subject: extensions: libxt_hashlimit: Create revision 2 of xt_hashlimit to support higher pps rates Create a new revision for the hashlimit iptables extension module. Rev 2 will support higher pps of upto 1 million, Version 1 supports only 10k. To support this we have to increase the size of the variables avg and burst in hashlimit_cfg to 64-bit. Create two new structs hashlimit_cfg2 and xt_hashlimit_mtinfo2 and also create newer versions of all the functions for match, checkentry and destory. Signed-off-by: Vishwanath Pai Signed-off-by: Joshua Hunt Signed-off-by: Pablo Neira Ayuso --- extensions/libxt_hashlimit.t | 2 ++ 1 file changed, 2 insertions(+) (limited to 'extensions/libxt_hashlimit.t') diff --git a/extensions/libxt_hashlimit.t b/extensions/libxt_hashlimit.t index 59d66135..d27c8616 100644 --- a/extensions/libxt_hashlimit.t +++ b/extensions/libxt_hashlimit.t @@ -1,10 +1,12 @@ :INPUT,FORWARD,OUTPUT -m hashlimit --hashlimit-above 1/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK +-m hashlimit --hashlimit-above 1000000/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK -m hashlimit --hashlimit-above 1/min --hashlimit-burst 5 --hashlimit-name mini1;=;OK -m hashlimit --hashlimit-above 1/hour --hashlimit-burst 5 --hashlimit-name mini1;=;OK # kernel says "xt_hashlimit: overflow, try lower: 864000000/5" -m hashlimit --hashlimit-above 1/day --hashlimit-burst 5 --hashlimit-name mini1;;FAIL -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK +-m hashlimit --hashlimit-upto 1000000/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 5 --hashlimit-name mini1;=;OK -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 5 --hashlimit-name mini1;=;OK # kernel says "xt_hashlimit: overflow, try lower: 864000000/5" -- cgit v1.2.3