On Thursday 2009-06-04 17:27, Laszlo Attila Toth wrote: > > I'm also working on a newer revision of the limit match, which is almost done. > It can be inverted (! --limit ...). Take a look at hashlimit, where for the userspace interaction, the use of ambiguous negations is avoided: --hashlimit-above / --hashlimit-below; only behind the curtain is it encoded into a negation. I wish that this logic be kept for future developments. >I think in this case a bitfield can be > used, but it is probably not necessary, the following extra member is enogh: > > u_int32_t invert; That is pretty large for a single inversion. Again, make it a "flags" variable, maybe there will be more flags in future, who knows. Also, if possible, try combining all the TBF implementations; limit and hashlimit are so close to each other, the latter would only need a "--hashlimit-mode notuple" (from a userspace pov) , and xt_limit could be obsoleted. Furthermore, we have xt_rateest now, so is the work on the TBF limiters really justified? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
