summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2013-10-22 15:11:02 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-10-22 15:11:18 +0200
commitcc9d2851135901d11e21b1a0332e83119124d083 (patch)
tree36499937d00d3e5e6c3041eb95a398419046785e
parente91ea14da66759c71d5c2a581b82c2508a02f60a (diff)
expr: limit: avoid huge rodata array
commit 10e0890e ('src: operational limit match') creates huge array, increasing libnftables binary size. Use switch statement instead. Based on patch from Florian Westphal, for nft. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/expr/limit.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/src/expr/limit.c b/src/expr/limit.c
index 9718171..ef76418 100644
--- a/src/expr/limit.c
+++ b/src/expr/limit.c
@@ -164,23 +164,28 @@ static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, mxml_node_t *t
#endif
}
+static const char *get_unit(uint64_t u)
+{
+ switch (u) {
+ case 1: return "seconds";
+ case 60: return "minute";
+ case 60 * 60: return "hour";
+ case 60 * 60 * 24: return "day";
+ case 60 * 60 * 24 * 7: return "week";
+ }
+ return "error";
+}
+
static int
nft_rule_expr_limit_snprintf(char *buf, size_t len, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
{
struct nft_expr_limit *limit = nft_expr_data(e);
- static const char *units[] = {
- [1] = "second",
- [1 * 60] = "minute",
- [1 * 60 * 60] = "hour",
- [1 * 60 * 60 * 24] = "day",
- [1 * 60 * 60 * 24 * 7] = "week",
- };
switch(type) {
case NFT_RULE_O_DEFAULT:
return snprintf(buf, len, "rate %"PRIu64"/%s ",
- limit->rate, units[limit->unit]);
+ limit->rate, get_unit(limit->unit));
case NFT_RULE_O_XML:
return snprintf(buf, len, "<rate>%"PRIu64"</rate>"
"<unit>%"PRIu64"</unit>",