diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-17 19:03:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-23 19:00:02 +0200 |
commit | b91bbf88f00bb45007c665b86cbd7982b2548b22 (patch) | |
tree | 88c9cd10be15d62d007dd0d3e0e96218187521e2 /src/optimize.c | |
parent | 45a61a755f80c52dbed747ad3c5a9a4b5f9b44ad (diff) |
optimize: limit statement is not supported yet
Revert support for limit statement, the limit statement is stateful and
it applies a ratelimit per rule, transformation for merging rules with
the limit statement needs to use anonymous sets with statements.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/optimize.c')
-rw-r--r-- | src/optimize.c | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/src/optimize.c b/src/optimize.c index c6b85d74..2340ef46 100644 --- a/src/optimize.c +++ b/src/optimize.c @@ -197,14 +197,6 @@ static bool __stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b, expr_b->etype == EXPR_MAP) return __expr_cmp(expr_a->map, expr_b->map); break; - case STMT_LIMIT: - if (stmt_a->limit.rate != stmt_b->limit.rate || - stmt_a->limit.unit != stmt_b->limit.unit || - stmt_a->limit.burst != stmt_b->limit.burst || - stmt_a->limit.type != stmt_b->limit.type || - stmt_a->limit.flags != stmt_b->limit.flags) - return false; - break; case STMT_LOG: if (stmt_a->log.snaplen != stmt_b->log.snaplen || stmt_a->log.group != stmt_b->log.group || @@ -322,7 +314,6 @@ static bool stmt_type_find(struct optimize_ctx *ctx, const struct stmt *stmt) case STMT_VERDICT: case STMT_COUNTER: case STMT_NOTRACK: - case STMT_LIMIT: case STMT_LOG: case STMT_NAT: case STMT_REJECT: @@ -367,9 +358,6 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule) case STMT_COUNTER: case STMT_NOTRACK: break; - case STMT_LIMIT: - memcpy(&clone->limit, &stmt->limit, sizeof(clone->limit)); - break; case STMT_LOG: memcpy(&clone->log, &stmt->log, sizeof(clone->log)); if (stmt->log.prefix) |