Since a while, --htable-gc-expire defaults to the chosen time quantum
instead of 10 fixed seconds, which leads the expiry value to be always
printed, which is redundant.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
---
extensions/libxt_hashlimit.c | 33 ++++++++++++++++++++-------------
tests/options-most.rules | 1 +
2 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index eb52b16..da34cb2 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -23,7 +23,6 @@
/* miliseconds */
#define XT_HASHLIMIT_GCINTERVAL 1000
-#define XT_HASHLIMIT_EXPIRE 10000
struct hashlimit_mt_udata {
uint32_t mult;
@@ -187,7 +186,6 @@ static void hashlimit_init(struct xt_entry_match *m)
r->cfg.burst = XT_HASHLIMIT_BURST;
r->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- r->cfg.expire = XT_HASHLIMIT_EXPIRE;
}
@@ -198,7 +196,6 @@ static void hashlimit_mt4_init(struct xt_entry_match *match)
info->cfg.mode = 0;
info->cfg.burst = XT_HASHLIMIT_BURST;
info->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- info->cfg.expire = XT_HASHLIMIT_EXPIRE;
info->cfg.srcmask = 32;
info->cfg.dstmask = 32;
}
@@ -210,7 +207,6 @@ static void hashlimit_mt6_init(struct xt_entry_match *match)
info->cfg.mode = 0;
info->cfg.burst = XT_HASHLIMIT_BURST;
info->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- info->cfg.expire = XT_HASHLIMIT_EXPIRE;
info->cfg.srcmask = 128;
info->cfg.dstmask = 128;
}
@@ -330,7 +326,7 @@ static const struct rates
{ "min", XT_HASHLIMIT_SCALE*60 },
{ "sec", XT_HASHLIMIT_SCALE } };
-static void print_rate(uint32_t period)
+static uint32_t print_rate(uint32_t period)
{
unsigned int i;
@@ -340,6 +336,8 @@ static void print_rate(uint32_t period)
break;
printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
+ /* return in msec */
+ return rates[i-1].mult / XT_HASHLIMIT_SCALE * 1000;
}
static void print_mode(unsigned int mode, char separator)
@@ -374,7 +372,10 @@ static void hashlimit_print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
- fputs(" limit: avg", stdout); print_rate(r->cfg.avg);
+ uint32_t quantum;
+
+ fputs(" limit: avg", stdout);
+ quantum = print_rate(r->cfg.avg);
printf(" burst %u", r->cfg.burst);
fputs(" mode", stdout);
print_mode(r->cfg.mode, '-');
@@ -384,18 +385,20 @@ static void hashlimit_print(const void *ip,
printf(" htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" htable-gcinterval %u", r->cfg.gc_interval);
- if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (r->cfg.expire != quantum)
printf(" htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
+ uint32_t quantum;
+
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
fputs(" limit: above", stdout);
else
fputs(" limit: up to", stdout);
- print_rate(info->cfg.avg);
+ quantum = print_rate(info->cfg.avg);
printf(" burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
@@ -408,7 +411,7 @@ hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
printf(" htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" htable-gcinterval %u", info->cfg.gc_interval);
- if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (info->cfg.expire != quantum)
printf(" htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
@@ -438,8 +441,10 @@ hashlimit_mt6_print(const void *ip, const struct xt_entry_match *match,
static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
+ uint32_t quantum;
- fputs(" --hashlimit", stdout); print_rate(r->cfg.avg);
+ fputs(" --hashlimit", stdout);
+ quantum = print_rate(r->cfg.avg);
printf(" --hashlimit-burst %u", r->cfg.burst);
fputs(" --hashlimit-mode", stdout);
@@ -453,18 +458,20 @@ static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
printf(" --hashlimit-htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" --hashlimit-htable-gcinterval %u", r->cfg.gc_interval);
- if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (r->cfg.expire != quantum)
printf(" --hashlimit-htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
+ uint32_t quantum;
+
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
fputs(" --hashlimit-above", stdout);
else
fputs(" --hashlimit-upto", stdout);
- print_rate(info->cfg.avg);
+ quantum = print_rate(info->cfg.avg);
printf(" --hashlimit-burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
@@ -481,7 +488,7 @@ hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
printf(" --hashlimit-htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
printf(" --hashlimit-htable-gcinterval %u", info->cfg.gc_interval);
- if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
+ if (info->cfg.expire != quantum)
printf(" --hashlimit-htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
diff --git a/tests/options-most.rules b/tests/options-most.rules
index 0e876e6..e54eb12 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -92,6 +92,7 @@
-A matches
-A matches -p esp -m esp --espspi 5:4294967295
-A matches
+-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1 --hashlimit-htable-expire 2000
-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1
-A matches -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-name mini2
-A matches -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 1 --hashlimit-name mini3
--
1.7.3.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
