authorJason A. Donenfeld <Jason@zx2c4.com>2017-06-21 03:55:31 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2017-06-26 12:35:06 +0200
commit79a7dc4da9702d05c5085acffe1c4f9cf72c26a6 (patch)
treedf8160a06c0d7ed61a71b014b970bd8f0e8add9c /src/ratelimiter.h
parentcurve25519: keep certain sandy2x functions in C (diff)
ratelimiter: rewrite from scratch
This not only removes the dependency on x_tables, but it also gives us much better performance and memory usage. Now, systems are able to have millions of WireGuard interfaces, without having to worry about a thundering herd of garbage collection.
Diffstat (limited to 'src/ratelimiter.h')
-rw-r--r--src/ratelimiter.h22
1 files changed, 4 insertions, 18 deletions
diff --git a/src/ratelimiter.h b/src/ratelimiter.h
index c4dc9a7..fed73f7 100644
--- a/src/ratelimiter.h
+++ b/src/ratelimiter.h
@@ -3,24 +3,10 @@
#ifndef RATELIMITER_H
#define RATELIMITER_H
-#include <uapi/linux/netfilter/xt_hashlimit.h>
+#include <linux/skbuff.h>
-struct wireguard_device;
-struct sk_buff;
-
-struct ratelimiter {
- struct net *net;
- struct xt_hashlimit_mtinfo1 v4_info;
-#if IS_ENABLED(CONFIG_IPV6)
- struct xt_hashlimit_mtinfo1 v6_info;
-#endif
-};
-
-int ratelimiter_init(struct ratelimiter *ratelimiter, struct wireguard_device *wg);
-void ratelimiter_uninit(struct ratelimiter *ratelimiter);
-bool ratelimiter_allow(struct ratelimiter *ratelimiter, struct sk_buff *skb);
-
-int ratelimiter_module_init(void);
-void ratelimiter_module_deinit(void);
+int ratelimiter_init(void);
+void ratelimiter_uninit(void);
+bool ratelimiter_allow(struct sk_buff *skb, struct net *net);
#endif
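Review bot: The new `ratelimiter_allow(struct sk_buff *skb, struct net *net)` prototype uses `struct net`, but the header no longer declares it and appears to rely on `<linux/skbuff.h>` pulling the declaration in transitively. Adding `struct net;` above the prototypes would keep the header self-contained and avoid a prototype-scoped struct if that include chain ever changes. Separately, `ratelimiter_init(void)` and `ratelimiter_uninit(void)` now manage state that is presumably shared by every device rather than held per `struct ratelimiter`. A short comment should say whether the pair is reference-counted and safe to call once per interface, and that a `false` return from `ratelimiter_allow` means the packet should be dropped, since this check gates handshake-flood protection.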