
netfilter: nft_limit: constant token cost per packet

The cost per packet can be calculated from the control plane path since this
doesn't ever change.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+18 -7
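--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@@ -98,13 +98,18 @@
 	return -1;
 }
 
+struct nft_limit_pkts {
+	struct nft_limit limit;
+	u64 cost;
+};
+
 static void nft_limit_pkts_eval(const struct nft_expr *expr,
 				struct nft_regs *regs,
 				const struct nft_pktinfo *pkt)
 {
-	struct nft_limit *priv = nft_expr_priv(expr);
+	struct nft_limit_pkts *priv = nft_expr_priv(expr);
 
-	if (nft_limit_eval(priv, div_u64(priv->nsecs, priv->rate)))
+	if (nft_limit_eval(&priv->limit, priv->cost))
 		regs->verdict.code = NFT_BREAK;
 }
 
@@ -123,22 +118,28 @@
 			       const struct nft_expr *expr,
 			       const struct nlattr * const tb[])
 {
-	struct nft_limit *priv = nft_expr_priv(expr);
+	struct nft_limit_pkts *priv = nft_expr_priv(expr);
+	int err;
 
-	return nft_limit_init(priv, tb);
+	err = nft_limit_init(&priv->limit, tb);
+	if (err < 0)
+		return err;
+
+	priv->cost = div_u64(priv->limit.nsecs, priv->limit.rate);
+	return 0;
 }
 
 static int nft_limit_pkts_dump(struct sk_buff *skb, const struct nft_expr *expr)
 {
-	const struct nft_limit *priv = nft_expr_priv(expr);
+	const struct nft_limit_pkts *priv = nft_expr_priv(expr);
 
-	return nft_limit_dump(skb, priv);
+	return nft_limit_dump(skb, &priv->limit);
 }
 
 static struct nft_expr_type nft_limit_type;
 static const struct nft_expr_ops nft_limit_pkts_ops = {
 	.type = &nft_limit_type,
-	.size = NFT_EXPR_SIZE(sizeof(struct nft_limit)),
+	.size = NFT_EXPR_SIZE(sizeof(struct nft_limit_pkts)),
 	.eval = nft_limit_pkts_eval,
 	.init = nft_limit_pkts_init,
 	.dump = nft_limit_pkts_dump,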
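Review bot: The division added in nft_limit_pkts_init, `priv->cost = div_u64(priv->limit.nsecs, priv->limit.rate);`, uses a divisor that appears to come from the netlink attributes in `tb`, and div_u64() takes only a 32-bit divisor. If `rate` is a 64-bit field (struct nft_limit is declared outside this section), a non-zero rate whose low 32 bits are all zero would be truncated to 0 and raise a divide error in the control-plane path. Whether nft_limit_init rejects a zero rate is not visible here, and such a check would not catch the truncated case anyway. Using `priv->cost = div64_u64(priv->limit.nsecs, priv->limit.rate);`, preceded by an explicit `if (!priv->limit.rate) return -EINVAL;` if the helper does not already guarantee it, would keep a malformed rule from faulting the kernel. A short comment on `cost` in struct nft_limit_pkts, for example `/* nanoseconds of budget consumed per packet, fixed at init */`, would also document the unit.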