ratelimiter: rewrite from scratch

This not only removes the depenency on x_tables, but it also gives us much better performance and memory usage. Now, systems are able to have millions of WireGuard interfaces, without having to worry about a thundering herd of garbage collection. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-06-21 03:55:31 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2017-06-26 12:35:06 +0200
commit: 9eed02a30cf9c5ad36c94724ca3ac3b8f09cf7d2 (patch)
tree: 4f9a7cbdf4bb70f4d39126829e5098c71d706698 /src/cookie.h
parent: a0ce9edb0eea7316e3bfe6b5c45235ea34652010 (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/src/cookie.h b/src/cookie.h
index c87d3dd..54d0d99 100644
--- a/src/cookie.h
+++ b/src/cookie.h
@@ -4,7 +4,6 @@
 #define WGCOOKIE_H
 
 #include "messages.h"
-#include "ratelimiter.h"
 #include <linux/rwsem.h>
 
 struct wireguard_peer;
@@ -17,7 +16,6 @@ struct cookie_checker {
 	u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
 	u64 secret_birthdate;
 	struct rw_semaphore secret_lock;
-	struct ratelimiter ratelimiter;
 	struct wireguard_device *device;
 };
 
@@ -39,8 +37,7 @@ enum cookie_mac_state {
 	VALID_MAC_WITH_COOKIE
 };
 
-int cookie_checker_init(struct cookie_checker *checker, struct wireguard_device *wg);
-void cookie_checker_uninit(struct cookie_checker *checker);
+void cookie_checker_init(struct cookie_checker *checker, struct wireguard_device *wg);
 void cookie_checker_precompute_device_keys(struct cookie_checker *checker);
 void cookie_checker_precompute_peer_keys(struct wireguard_peer *peer);
 void cookie_init(struct cookie *cookie);
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-06-21 03:55:31 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-06-26 12:35:06 +0200
commit	9eed02a30cf9c5ad36c94724ca3ac3b8f09cf7d2 (patch)
tree	4f9a7cbdf4bb70f4d39126829e5098c71d706698 /src/cookie.h
parent	a0ce9edb0eea7316e3bfe6b5c45235ea34652010 (diff)