Commit 0dc60a45 authored by Vishwanath Pai's avatar Vishwanath Pai Committed by Pablo Neira Ayuso

netfilter: xt_hashlimit: Prepare for revision 2

I am planning to add a revision 2 for the hashlimit xtables module to
support higher packets per second rates. This patch renames all the
functions and variables related to revision 1 by adding _v1 at the
end of the names.
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 7bfdde70
...@@ -56,7 +56,7 @@ static inline struct hashlimit_net *hashlimit_pernet(struct net *net) ...@@ -56,7 +56,7 @@ static inline struct hashlimit_net *hashlimit_pernet(struct net *net)
} }
/* need to declare this at the top */ /* need to declare this at the top */
static const struct file_operations dl_file_ops; static const struct file_operations dl_file_ops_v1;
/* hash table crap */ /* hash table crap */
struct dsthash_dst { struct dsthash_dst {
...@@ -215,8 +215,8 @@ dsthash_free(struct xt_hashlimit_htable *ht, struct dsthash_ent *ent) ...@@ -215,8 +215,8 @@ dsthash_free(struct xt_hashlimit_htable *ht, struct dsthash_ent *ent)
} }
static void htable_gc(struct work_struct *work); static void htable_gc(struct work_struct *work);
static int htable_create(struct net *net, struct xt_hashlimit_mtinfo1 *minfo, static int htable_create_v1(struct net *net, struct xt_hashlimit_mtinfo1 *minfo,
u_int8_t family) u_int8_t family)
{ {
struct hashlimit_net *hashlimit_net = hashlimit_pernet(net); struct hashlimit_net *hashlimit_net = hashlimit_pernet(net);
struct xt_hashlimit_htable *hinfo; struct xt_hashlimit_htable *hinfo;
...@@ -265,7 +265,7 @@ static int htable_create(struct net *net, struct xt_hashlimit_mtinfo1 *minfo, ...@@ -265,7 +265,7 @@ static int htable_create(struct net *net, struct xt_hashlimit_mtinfo1 *minfo,
hinfo->pde = proc_create_data(minfo->name, 0, hinfo->pde = proc_create_data(minfo->name, 0,
(family == NFPROTO_IPV4) ? (family == NFPROTO_IPV4) ?
hashlimit_net->ipt_hashlimit : hashlimit_net->ip6t_hashlimit, hashlimit_net->ipt_hashlimit : hashlimit_net->ip6t_hashlimit,
&dl_file_ops, hinfo); &dl_file_ops_v1, hinfo);
if (hinfo->pde == NULL) { if (hinfo->pde == NULL) {
kfree(hinfo->name); kfree(hinfo->name);
vfree(hinfo); vfree(hinfo);
...@@ -398,7 +398,7 @@ static void htable_put(struct xt_hashlimit_htable *hinfo) ...@@ -398,7 +398,7 @@ static void htable_put(struct xt_hashlimit_htable *hinfo)
(slowest userspace tool allows), which means (slowest userspace tool allows), which means
CREDITS_PER_JIFFY*HZ*60*60*24 < 2^32 ie. CREDITS_PER_JIFFY*HZ*60*60*24 < 2^32 ie.
*/ */
#define MAX_CPJ (0xFFFFFFFF / (HZ*60*60*24)) #define MAX_CPJ_v1 (0xFFFFFFFF / (HZ*60*60*24))
/* Repeated shift and or gives us all 1s, final shift and add 1 gives /* Repeated shift and or gives us all 1s, final shift and add 1 gives
* us the power of 2 below the theoretical max, so GCC simply does a * us the power of 2 below the theoretical max, so GCC simply does a
...@@ -410,7 +410,7 @@ static void htable_put(struct xt_hashlimit_htable *hinfo) ...@@ -410,7 +410,7 @@ static void htable_put(struct xt_hashlimit_htable *hinfo)
#define _POW2_BELOW32(x) (_POW2_BELOW16(x)|_POW2_BELOW16((x)>>16)) #define _POW2_BELOW32(x) (_POW2_BELOW16(x)|_POW2_BELOW16((x)>>16))
#define POW2_BELOW32(x) ((_POW2_BELOW32(x)>>1) + 1) #define POW2_BELOW32(x) ((_POW2_BELOW32(x)>>1) + 1)
#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) #define CREDITS_PER_JIFFY_v1 POW2_BELOW32(MAX_CPJ_v1)
/* in byte mode, the lowest possible rate is one packet/second. /* in byte mode, the lowest possible rate is one packet/second.
* credit_cap is used as a counter that tells us how many times we can * credit_cap is used as a counter that tells us how many times we can
...@@ -428,11 +428,12 @@ static u32 xt_hashlimit_len_to_chunks(u32 len) ...@@ -428,11 +428,12 @@ static u32 xt_hashlimit_len_to_chunks(u32 len)
static u32 user2credits(u32 user) static u32 user2credits(u32 user)
{ {
/* If multiplying would overflow... */ /* If multiplying would overflow... */
if (user > 0xFFFFFFFF / (HZ*CREDITS_PER_JIFFY)) if (user > 0xFFFFFFFF / (HZ*CREDITS_PER_JIFFY_v1))
/* Divide first. */ /* Divide first. */
return (user / XT_HASHLIMIT_SCALE) * HZ * CREDITS_PER_JIFFY; return (user / XT_HASHLIMIT_SCALE) *\
HZ * CREDITS_PER_JIFFY_v1;
return (user * HZ * CREDITS_PER_JIFFY) / XT_HASHLIMIT_SCALE; return (user * HZ * CREDITS_PER_JIFFY_v1) / XT_HASHLIMIT_SCALE;
} }
static u32 user2credits_byte(u32 user) static u32 user2credits_byte(u32 user)
...@@ -461,7 +462,7 @@ static void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now, u32 mode) ...@@ -461,7 +462,7 @@ static void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now, u32 mode)
return; return;
} }
} else { } else {
dh->rateinfo.credit += delta * CREDITS_PER_JIFFY; dh->rateinfo.credit += delta * CREDITS_PER_JIFFY_v1;
cap = dh->rateinfo.credit_cap; cap = dh->rateinfo.credit_cap;
} }
if (dh->rateinfo.credit > cap) if (dh->rateinfo.credit > cap)
...@@ -603,7 +604,7 @@ static u32 hashlimit_byte_cost(unsigned int len, struct dsthash_ent *dh) ...@@ -603,7 +604,7 @@ static u32 hashlimit_byte_cost(unsigned int len, struct dsthash_ent *dh)
} }
static bool static bool
hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par) hashlimit_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
{ {
const struct xt_hashlimit_mtinfo1 *info = par->matchinfo; const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;
struct xt_hashlimit_htable *hinfo = info->hinfo; struct xt_hashlimit_htable *hinfo = info->hinfo;
...@@ -660,7 +661,7 @@ hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par) ...@@ -660,7 +661,7 @@ hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
return false; return false;
} }
static int hashlimit_mt_check(const struct xt_mtchk_param *par) static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
{ {
struct net *net = par->net; struct net *net = par->net;
struct xt_hashlimit_mtinfo1 *info = par->matchinfo; struct xt_hashlimit_mtinfo1 *info = par->matchinfo;
...@@ -701,7 +702,7 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par) ...@@ -701,7 +702,7 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par)
mutex_lock(&hashlimit_mutex); mutex_lock(&hashlimit_mutex);
info->hinfo = htable_find_get(net, info->name, par->family); info->hinfo = htable_find_get(net, info->name, par->family);
if (info->hinfo == NULL) { if (info->hinfo == NULL) {
ret = htable_create(net, info, par->family); ret = htable_create_v1(net, info, par->family);
if (ret < 0) { if (ret < 0) {
mutex_unlock(&hashlimit_mutex); mutex_unlock(&hashlimit_mutex);
return ret; return ret;
...@@ -711,7 +712,7 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par) ...@@ -711,7 +712,7 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par)
return 0; return 0;
} }
static void hashlimit_mt_destroy(const struct xt_mtdtor_param *par) static void hashlimit_mt_destroy_v1(const struct xt_mtdtor_param *par)
{ {
const struct xt_hashlimit_mtinfo1 *info = par->matchinfo; const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;
...@@ -723,10 +724,10 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { ...@@ -723,10 +724,10 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
.name = "hashlimit", .name = "hashlimit",
.revision = 1, .revision = 1,
.family = NFPROTO_IPV4, .family = NFPROTO_IPV4,
.match = hashlimit_mt, .match = hashlimit_mt_v1,
.matchsize = sizeof(struct xt_hashlimit_mtinfo1), .matchsize = sizeof(struct xt_hashlimit_mtinfo1),
.checkentry = hashlimit_mt_check, .checkentry = hashlimit_mt_check_v1,
.destroy = hashlimit_mt_destroy, .destroy = hashlimit_mt_destroy_v1,
.me = THIS_MODULE, .me = THIS_MODULE,
}, },
#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
...@@ -734,10 +735,10 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { ...@@ -734,10 +735,10 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
.name = "hashlimit", .name = "hashlimit",
.revision = 1, .revision = 1,
.family = NFPROTO_IPV6, .family = NFPROTO_IPV6,
.match = hashlimit_mt, .match = hashlimit_mt_v1,
.matchsize = sizeof(struct xt_hashlimit_mtinfo1), .matchsize = sizeof(struct xt_hashlimit_mtinfo1),
.checkentry = hashlimit_mt_check, .checkentry = hashlimit_mt_check_v1,
.destroy = hashlimit_mt_destroy, .destroy = hashlimit_mt_destroy_v1,
.me = THIS_MODULE, .me = THIS_MODULE,
}, },
#endif #endif
...@@ -786,8 +787,8 @@ static void dl_seq_stop(struct seq_file *s, void *v) ...@@ -786,8 +787,8 @@ static void dl_seq_stop(struct seq_file *s, void *v)
spin_unlock_bh(&htable->lock); spin_unlock_bh(&htable->lock);
} }
static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family, static int dl_seq_real_show_v1(struct dsthash_ent *ent, u_int8_t family,
struct seq_file *s) struct seq_file *s)
{ {
const struct xt_hashlimit_htable *ht = s->private; const struct xt_hashlimit_htable *ht = s->private;
...@@ -825,7 +826,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family, ...@@ -825,7 +826,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family,
return seq_has_overflowed(s); return seq_has_overflowed(s);
} }
static int dl_seq_show(struct seq_file *s, void *v) static int dl_seq_show_v1(struct seq_file *s, void *v)
{ {
struct xt_hashlimit_htable *htable = s->private; struct xt_hashlimit_htable *htable = s->private;
unsigned int *bucket = (unsigned int *)v; unsigned int *bucket = (unsigned int *)v;
...@@ -833,22 +834,22 @@ static int dl_seq_show(struct seq_file *s, void *v) ...@@ -833,22 +834,22 @@ static int dl_seq_show(struct seq_file *s, void *v)
if (!hlist_empty(&htable->hash[*bucket])) { if (!hlist_empty(&htable->hash[*bucket])) {
hlist_for_each_entry(ent, &htable->hash[*bucket], node) hlist_for_each_entry(ent, &htable->hash[*bucket], node)
if (dl_seq_real_show(ent, htable->family, s)) if (dl_seq_real_show_v1(ent, htable->family, s))
return -1; return -1;
} }
return 0; return 0;
} }
static const struct seq_operations dl_seq_ops = { static const struct seq_operations dl_seq_ops_v1 = {
.start = dl_seq_start, .start = dl_seq_start,
.next = dl_seq_next, .next = dl_seq_next,
.stop = dl_seq_stop, .stop = dl_seq_stop,
.show = dl_seq_show .show = dl_seq_show_v1
}; };
static int dl_proc_open(struct inode *inode, struct file *file) static int dl_proc_open_v1(struct inode *inode, struct file *file)
{ {
int ret = seq_open(file, &dl_seq_ops); int ret = seq_open(file, &dl_seq_ops_v1);
if (!ret) { if (!ret) {
struct seq_file *sf = file->private_data; struct seq_file *sf = file->private_data;
...@@ -857,9 +858,9 @@ static int dl_proc_open(struct inode *inode, struct file *file) ...@@ -857,9 +858,9 @@ static int dl_proc_open(struct inode *inode, struct file *file)
return ret; return ret;
} }
static const struct file_operations dl_file_ops = { static const struct file_operations dl_file_ops_v1 = {
.owner = THIS_MODULE, .owner = THIS_MODULE,
.open = dl_proc_open, .open = dl_proc_open_v1,
.read = seq_read, .read = seq_read,
.llseek = seq_lseek, .llseek = seq_lseek,
.release = seq_release .release = seq_release
......
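Review bot: In the hunk at -428, `user2credits()` keeps its unsuffixed name although its overflow guard and both return expressions are now tied to `CREDITS_PER_JIFFY_v1`, and the packet-mode refill in `rateinfo_recalc()` (hunk at -461, whose body starts and ends outside the hunk) is tied to the same constant. If revision 2 brings its own credit scale, as the commit message suggests, a conversion and a refill that use different constants would silently mis-scale the rate limit, and the `0xFFFFFFFF / (HZ*CREDITS_PER_JIFFY_v1)` guard would no longer match the multiplication it protects. I would either rename the helper to `user2credits_v1` in this commit or add a comment above it such as `/* revision 1 scale; must match the constant used in rateinfo_recalc() */`. Separately, the wrapped return ends in `*\`; a backslash continuation is not needed outside a macro, so the line can simply end with `return (user / XT_HASHLIMIT_SCALE) *`.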