| blob | fda7b7dec27d26404e08a79851e7fa052c63a021 |
1 /* Kernel module to control the rate
2 *
3 * 2 September 1999: Changed from the target RATE to the match
4 * `limit', removed logging. Did I mention that
5 * Alexey is a fucking genius?
6 * Rusty Russell (rusty@rustcorp.com.au). */
8 /* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
9 * (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
14 */
16 #include <linux/module.h>
17 #include <linux/skbuff.h>
18 #include <linux/spinlock.h>
19 #include <linux/interrupt.h>
21 #include <linux/netfilter/x_tables.h>
22 #include <linux/netfilter/xt_limit.h>
30 /* The algorithm used is the Simple Token Bucket Filter (TBF)
31 * see net/sched/sch_tbf.c in the linux source tree
32 */
36 /* Rusty: This is my (non-mathematically-inclined) understanding of
37 this algorithm. The `average rate' in jiffies becomes your initial
38 amount of credit `credit' and the most credit you can ever have
39 `credit_cap'. The `peak rate' becomes the cost of passing the
40 test, `cost'.
42 `prev' tracks the last packet hit: you gain one credit per jiffy.
43 If you get credit balance more than this, the extra credit is
44 discarded. Every time the match passes, you lose `cost' credits;
45 if you don't have that many, the test fails.
47 See Alexey's formal explanation in net/sched/sch_tbf.c.
49 To get the maxmum range, we multiply by this factor (ie. you get N
50 credits per jiffy). We want to allow a rate as low as 1 per day
51 (slowest userspace tool allows), which means
52 CREDITS_PER_JIFFY*HZ*60*60*24 < 2^32. ie. */
53 #define MAX_CPJ (0xFFFFFFFF / (HZ*60*60*24))
55 /* Repeated shift and or gives us all 1s, final shift and add 1 gives
56 * us the power of 2 below the theoretical max, so GCC simply does a
57 * shift. */
58 #define _POW2_BELOW2(x) ((x)|((x)>>1))
59 #define _POW2_BELOW4(x) (_POW2_BELOW2(x)|_POW2_BELOW2((x)>>2))
60 #define _POW2_BELOW8(x) (_POW2_BELOW4(x)|_POW2_BELOW4((x)>>4))
61 #define _POW2_BELOW16(x) (_POW2_BELOW8(x)|_POW2_BELOW8((x)>>8))
62 #define _POW2_BELOW32(x) (_POW2_BELOW16(x)|_POW2_BELOW16((x)>>16))
63 #define POW2_BELOW32(x) ((_POW2_BELOW32(x)>>1) + 1)
65 #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
67 static int
76 {
86 /* We're not limited. */
90 }
94 }
96 /* Precision saver. */
97 static u_int32_t
99 {
100 /* If multiplying would overflow... */
102 /* Divide first. */
106 }
108 static int
114 {
117 /* Check for overflow. */
123 }
125 /* For SMP, we only want to use one set of counters. */
128 /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
129 128. */
134 }
136 }
138 #ifdef CONFIG_COMPAT
140 u_int32_t avg;
141 u_int32_t burst;
143 compat_ulong_t prev;
144 u_int32_t credit;
147 u_int32_t master;
148 };
150 /* To keep the full "prev" timestamp, the upper 32 bits are stored in the
151 * master pointer, which does not need to be preserved. */
153 {
162 };
164 }
167 {
177 };
179 }
183 {
189 #ifdef CONFIG_COMPAT
193 #endif
195 },
196 {
203 },
204 };
207 {
209 }
212 {
214 }