data: big refactoring

author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-03-15 19:20:58 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2017-03-20 01:02:06 +0100
commit: e16ba338168e00b0c2702ec5529280301c514d67 (patch)
tree: 8e92e5f428f263cee69f42a922047c234984f03a /src/ratelimiter.c
parent: curve25519: add AVX implementation (diff)
download: wireguard-monolithic-historical-e16ba338168e00b0c2702ec5529280301c514d67.tar.xz
wireguard-monolithic-historical-e16ba338168e00b0c2702ec5529280301c514d67.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ratelimiter.c b/src/ratelimiter.c
index 12282fd..ab8f93d 100644
--- a/src/ratelimiter.c
+++ b/src/ratelimiter.c
@@ -25,7 +25,7 @@ static inline void cfg_init(struct hashlimit_cfg1 *cfg, int family)
 		cfg->srcmask = 32;
 	else if (family == NFPROTO_IPV6)
 		cfg->srcmask = 96;
-	cfg->mode = XT_HASHLIMIT_HASH_SIP; /* source IP only -- we could also do source port by ORing this with XT_HASHLIMIT_HASH_SPT */
+	cfg->mode = XT_HASHLIMIT_HASH_SIP; /* source IP only -- we could also do source port by ORing this with XT_HASHLIMIT_HASH_SPT, but we don't really want to do that. It would also cause problems since we skb_pull early on, and hashlimit's nexthdr stuff isn't so nice. */
 	cfg->avg = XT_HASHLIMIT_SCALE / RATELIMITER_PACKETS_PER_SECOND; /* 30 per second per IP */
 	cfg->burst = RATELIMITER_PACKETS_BURSTABLE; /* Allow bursts of 5 at a time */
 	cfg->gc_interval = 1000; /* same as expiration date */
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-03-15 19:20:58 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-03-20 01:02:06 +0100
commit	e16ba338168e00b0c2702ec5529280301c514d67 (patch)
tree	8e92e5f428f263cee69f42a922047c234984f03a /src/ratelimiter.c
parent	curve25519: add AVX implementation (diff)
download	wireguard-monolithic-historical-e16ba338168e00b0c2702ec5529280301c514d67.tar.xz wireguard-monolithic-historical-e16ba338168e00b0c2702ec5529280301c514d67.zip