From: Jan Engelhardt <jengelh@medozas.de>
To: kaber@trash.net
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH 21/21] libxt_hashlimit: observe new default gc-expire time when saving
Date: Sun, 21 Aug 2011 13:09:36 +0200 [thread overview]
Message-ID: <1313924977-8623-22-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1313924977-8623-1-git-send-email-jengelh@medozas.de>
For some time now, --htable-gc-expire has defaulted to the chosen time
quantum instead of a fixed 10 seconds. As a result, the expiry value is
always printed, which is redundant.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_hashlimit.c | 33 ++++++++++++++++++++-------------
tests/options-most.rules | 1 +
2 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index eb52b16..da34cb2 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -23,7 +23,6 @@
/* miliseconds */
#define XT_HASHLIMIT_GCINTERVAL 1000
-#define XT_HASHLIMIT_EXPIRE 10000
struct hashlimit_mt_udata {
uint32_t mult;
@@ -187,7 +186,6 @@ static void hashlimit_init(struct xt_entry_match *m)
r->cfg.burst = XT_HASHLIMIT_BURST;
r->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- r->cfg.expire = XT_HASHLIMIT_EXPIRE;
}
@@ -198,7 +196,6 @@ static void hashlimit_mt4_init(struct xt_entry_match *match)
info->cfg.mode = 0;
info->cfg.burst = XT_HASHLIMIT_BURST;
info->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- info->cfg.expire = XT_HASHLIMIT_EXPIRE;
info->cfg.srcmask = 32;
info->cfg.dstmask = 32;
}
@@ -210,7 +207,6 @@ static void hashlimit_mt6_init(struct xt_entry_match *match)
info->cfg.mode = 0;
info->cfg.burst = XT_HASHLIMIT_BURST;
info->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- info->cfg.expire = XT_HASHLIMIT_EXPIRE;
info->cfg.srcmask = 128;
info->cfg.dstmask = 128;
}
@@ -330,7 +326,7 @@ static const struct rates
{ "min", XT_HASHLIMIT_SCALE*60 },
{ "sec", XT_HASHLIMIT_SCALE } };
-static void print_rate(uint32_t period)
+static uint32_t print_rate(uint32_t period)
{
unsigned int i;
@@ -340,6 +336,8 @@ static void print_rate(uint32_t period)
break;
printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
+ /* return in msec */
+ return rates[i-1].mult / XT_HASHLIMIT_SCALE * 1000;
}
static void print_mode(unsigned int mode, char separator)
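Review bot: The added `return rates[i-1].mult / XT_HASHLIMIT_SCALE * 1000;` makes print_rate both print and report a value, and `/* return in msec */` does not say what that value is. A comment above the function, e.g. `/* Prints the rate; returns the time quantum of the printed unit in msec, i.e. the default htable-expire. */`, would make the callers' `expire != quantum` tests readable. Separately, the unchanged `rates[i-1].mult / period` on the context line divides by a value read from `match->data`. If nothing outside this hunk excludes a zero avg, an explicit zero check before the division is worth adding, since the result now decides whether an option is emitted. The loop that selects `i` starts outside the hunk.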
@@ -374,7 +372,10 @@ static void hashlimit_print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
- fputs(" limit: avg", stdout); print_rate(r->cfg.avg);
+ uint32_t quantum;
+
+ fputs(" limit: avg", stdout);
+ quantum = print_rate(r->cfg.avg);
printf(" burst %u", r->cfg.burst);
fputs(" mode", stdout);
print_mode(r->cfg.mode, '-');
@@ -384,18 +385,20 @@ static void hashlimit_print(const void *ip,
printf(" htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" htable-gcinterval %u", r->cfg.gc_interval);
- if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (r->cfg.expire != quantum)
printf(" htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
+ uint32_t quantum;
+
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
fputs(" limit: above", stdout);
else
fputs(" limit: up to", stdout);
- print_rate(info->cfg.avg);
+ quantum = print_rate(info->cfg.avg);
printf(" burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
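Review bot: `if (r->cfg.expire != quantum)` in hashlimit_print relies on `quantum` having been set by the print_rate() call in the previous hunk, and the same test is repeated in hashlimit_mt_print, hashlimit_save and hashlimit_mt_save. A one-line comment at the test, `/* quantum = default expiry for the printed rate unit; print only a non-default value */`, would record why the comparison is against the rate and no longer against a constant. The unit is the one print_rate derives from `avg`, which may not be the unit the user originally typed. In that case the test is true and the option is printed, so the output errs on the explicit side. Both functions extend beyond this hunk.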
@@ -408,7 +411,7 @@ hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
printf(" htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" htable-gcinterval %u", info->cfg.gc_interval);
- if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (info->cfg.expire != quantum)
printf(" htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
@@ -438,8 +441,10 @@ hashlimit_mt6_print(const void *ip, const struct xt_entry_match *match,
static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
+ uint32_t quantum;
- fputs(" --hashlimit", stdout); print_rate(r->cfg.avg);
+ fputs(" --hashlimit", stdout);
+ quantum = print_rate(r->cfg.avg);
printf(" --hashlimit-burst %u", r->cfg.burst);
fputs(" --hashlimit-mode", stdout);
@@ -453,18 +458,20 @@ static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
printf(" --hashlimit-htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" --hashlimit-htable-gcinterval %u", r->cfg.gc_interval);
- if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (r->cfg.expire != quantum)
printf(" --hashlimit-htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
+ uint32_t quantum;
+
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
fputs(" --hashlimit-above", stdout);
else
fputs(" --hashlimit-upto", stdout);
- print_rate(info->cfg.avg);
+ quantum = print_rate(info->cfg.avg);
printf(" --hashlimit-burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
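Review bot: With `if (r->cfg.expire != quantum)` in hashlimit_save (and the matching test in hashlimit_mt_save in the next hunk), a saved ruleset no longer carries `--hashlimit-htable-expire` when the value equals the rate quantum, so the expiry after a restore depends on the default of the binary doing the restore. A build that still applies the fixed `XT_HASHLIMIT_EXPIRE` of 10000 ms removed by this patch would presumably load such a rule with a different expiry than the one saved, which changes how long per-entry limiter state is kept. If dumps are expected to move between versions, this deserves a sentence in the changelog or man page, or the save paths could keep emitting the option unconditionally. hashlimit_mt_save continues outside the hunk.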
@@ -481,7 +488,7 @@ hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
printf(" --hashlimit-htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" --hashlimit-htable-gcinterval %u", info->cfg.gc_interval);
- if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (info->cfg.expire != quantum)
printf(" --hashlimit-htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
diff --git a/tests/options-most.rules b/tests/options-most.rules
index 0e876e6..e54eb12 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -92,6 +92,7 @@
-A matches
-A matches -p esp -m esp --espspi 5:4294967295
-A matches
+-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1 --hashlimit-htable-expire 2000
-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1
-A matches -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-name mini2
-A matches -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 1 --hashlimit-name mini3
--
1.7.3.4