patch-2.4.25 linux-2.4.25/net/ipv4/netfilter/ipt_limit.c
Next file: linux-2.4.25/net/ipv4/netfilter/ipt_recent.c
Previous file: linux-2.4.25/net/ipv4/netfilter/ipt_helper.c
Back to the patch index
Back to the overall index
- Lines: 38
- Date:
2004-02-18 05:36:32.000000000 -0800
- Orig file:
linux-2.4.24/net/ipv4/netfilter/ipt_limit.c
- Orig date:
2001-09-30 12:26:08.000000000 -0700
diff -urN linux-2.4.24/net/ipv4/netfilter/ipt_limit.c linux-2.4.25/net/ipv4/netfilter/ipt_limit.c
@@ -34,12 +34,23 @@
See Alexey's formal explanation in net/sched/sch_tbf.c.
- To avoid underflow, we multiply by 128 (ie. you get 128 credits per
- jiffy). Hence a cost of 2^32-1, means one pass per 32768 seconds
- at 1024HZ (or one every 9 hours). A cost of 1 means 12800 passes
- per second at 100HZ. */
+ To get the maxmum range, we multiply by this factor (ie. you get N
+ credits per jiffy). We want to allow a rate as low as 1 per day
+ (slowest userspace tool allows), which means
+ CREDITS_PER_JIFFY*HZ*60*60*24 < 2^32. ie. */
+#define MAX_CPJ (0xFFFFFFFF / (HZ*60*60*24))
+
+/* Repeated shift and or gives us all 1s, final shift and add 1 gives
+ * us the power of 2 below the theoretical max, so GCC simply does a
+ * shift. */
+#define _POW2_BELOW2(x) ((x)|((x)>>1))
+#define _POW2_BELOW4(x) (_POW2_BELOW2(x)|_POW2_BELOW2((x)>>2))
+#define _POW2_BELOW8(x) (_POW2_BELOW4(x)|_POW2_BELOW4((x)>>4))
+#define _POW2_BELOW16(x) (_POW2_BELOW8(x)|_POW2_BELOW8((x)>>8))
+#define _POW2_BELOW32(x) (_POW2_BELOW16(x)|_POW2_BELOW16((x)>>16))
+#define POW2_BELOW32(x) ((_POW2_BELOW32(x)>>1) + 1)
-#define CREDITS_PER_JIFFY 128
+#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
static int
ipt_limit_match(const struct sk_buff *skb,
@@ -97,7 +108,7 @@
/* Check for overflow. */
if (r->burst == 0
|| user2credits(r->avg * r->burst) < user2credits(r->avg)) {
- printk("Call rusty: overflow in ipt_limit: %u/%u\n",
+ printk("Overflow in ipt_limit, try lower: %u/%u\n",
r->avg, r->burst);
return 0;
}
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)