From fa1f277dc49b5cb4d36a44b024ed8b6187c9bb1c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 4 Jul 2017 06:25:51 +0200 Subject: ratelimiter: use IPv6 /64 instead of /96 --- src/ratelimiter.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'src/ratelimiter.c') diff --git a/src/ratelimiter.c b/src/ratelimiter.c index ebad1f4..4bb08ac 100644 --- a/src/ratelimiter.c +++ b/src/ratelimiter.c @@ -21,8 +21,8 @@ static struct hlist_head *table_v6; struct entry { u64 last_time_ns, tokens; + __be64 ip; void *net; - __be32 ip[3]; spinlock_t lock; struct hlist_node hash; struct rcu_head rcu; @@ -79,23 +79,23 @@ bool ratelimiter_allow(struct sk_buff *skb, struct net *net) { struct entry *entry; struct hlist_head *bucket; - struct { u32 net; __be32 ip[3]; } data = { .net = (unsigned long)net & 0xffffffff }; + struct { __be64 ip; u32 net; } data = { .net = (unsigned long)net & 0xffffffff }; if (skb->protocol == htons(ETH_P_IP)) { - data.ip[0] = ip_hdr(skb)->saddr; - bucket = &table_v4[hsiphash(&data, sizeof(u32) * 2, &key) & (table_size - 1)]; + data.ip = (__force __be64)ip_hdr(skb)->saddr; + bucket = &table_v4[hsiphash(&data, sizeof(u32) * 3, &key) & (table_size - 1)]; } #if IS_ENABLED(CONFIG_IPV6) else if (skb->protocol == htons(ETH_P_IPV6)) { - memcpy(data.ip, &ipv6_hdr(skb)->saddr, sizeof(u32) * 3); /* Only 96 bits */ - bucket = &table_v6[hsiphash(&data, sizeof(u32) * 4, &key) & (table_size - 1)]; + memcpy(&data.ip, &ipv6_hdr(skb)->saddr, sizeof(__be64)); /* Only 64 bits */ + bucket = &table_v6[hsiphash(&data, sizeof(u32) * 3, &key) & (table_size - 1)]; } #endif else return false; rcu_read_lock(); hlist_for_each_entry_rcu (entry, bucket, hash) { - if (entry->net == net && !memcmp(entry->ip, data.ip, sizeof(data.ip))) { + if (entry->net == net && entry->ip == data.ip) { u64 now, tokens; bool ret; /* Inspired by nft_limit.c, but this is actually a slightly different @@ -122,7 +122,7 @@ bool ratelimiter_allow(struct sk_buff *skb, struct net *net) goto err_oom; entry->net = net; - memcpy(entry->ip, data.ip, sizeof(data.ip)); + entry->ip = data.ip; INIT_HLIST_NODE(&entry->hash); spin_lock_init(&entry->lock); entry->last_time_ns = ktime_get_ns(); -- cgit v1.2.3-59-g8ed1b