author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-21 03:55:31 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-26 12:35:06 +0200 |
commit | 9eed02a30cf9c5ad36c94724ca3ac3b8f09cf7d2 (patch) | |
tree | 4f9a7cbdf4bb70f4d39126829e5098c71d706698 /src/device.c | |
parent | a0ce9edb0eea7316e3bfe6b5c45235ea34652010 (diff) |
ratelimiter: rewrite from scratch
This not only removes the dependency on x_tables, but it also gives us
much better performance and memory usage. Now, systems are able to have
millions of WireGuard interfaces, without having to worry about a
thundering herd of garbage collection.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/device.c')
-rw-r--r-- | src/device.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/device.c b/src/device.c
index 7a2948a..1b975d9 100644
--- a/src/device.c
+++ b/src/device.c
@@ -5,6 +5,7 @@
 #include "timers.h"
 #include "device.h"
 #include "config.h"
+#include "ratelimiter.h"
 #include "peer.h"
 #include "uapi.h"
 #include "messages.h"
@@ -251,10 +252,10 @@ static void destruct(struct net_device *dev)
 destroy_workqueue(wg->crypt_wq);
 #endif
 routing_table_free(&wg->peer_routing_table);
+ ratelimiter_uninit();
 memzero_explicit(&wg->static_identity, sizeof(struct noise_static_identity));
 skb_queue_purge(&wg->incoming_handshakes);
 socket_uninit(wg);
- cookie_checker_uninit(&wg->cookie_checker);
 mutex_unlock(&wg->device_update_lock);
 free_percpu(dev->tstats);
 free_percpu(wg->incoming_handshakes_worker);
@@ -314,6 +315,7 @@ static int newlink(struct net *src_net, struct net_device *dev, struct nlattr *t
 pubkey_hashtable_init(&wg->peer_hashtable);
 index_hashtable_init(&wg->index_hashtable);
 routing_table_init(&wg->peer_routing_table);
+ cookie_checker_init(&wg->cookie_checker, wg);
 INIT_LIST_HEAD(&wg->peer_list);
 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
@@ -353,7 +355,7 @@ static int newlink(struct net *src_net, struct net_device *dev, struct nlattr *t
 padata_start(wg->decrypt_pd);
 #endif
- ret = cookie_checker_init(&wg->cookie_checker, wg);
+ ret = ratelimiter_init();
 if (ret < 0)
 goto error_8;
@@ -368,8 +370,8 @@ static int newlink(struct net *src_net, struct net_device *dev, struct nlattr *t
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)
 error_9:
+ ratelimiter_uninit();
 #endif
- cookie_checker_uninit(&wg->cookie_checker);
 error_8:
 #ifdef CONFIG_WIREGUARD_PARALLEL
 padata_free(wg->decrypt_pd); |
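Review bot: In the destruct() hunk (`@@ -251,10 +252,10 @@`), `ratelimiter_uninit();` runs before `skb_queue_purge(&wg->incoming_handshakes);` and `socket_uninit(wg);`, whereas the `cookie_checker_uninit()` call removed in the same hunk ran after both. If any receive or handshake path can still consult the rate limiter while the socket is open, and this is the last device holding it, that path would touch limiter state after teardown. Moving the call to directly after `socket_uninit(wg);` would keep the earlier ordering. The start of destruct() is outside the hunk, so the handshake workers may already be stopped at this point; if so, a short comment such as `/* handshake workers are already gone, nothing can call into the ratelimiter */` would record why the order is safe.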
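Review bot: In the first newlink() hunk (`@@ -314,6 +315,7 @@`), the result of `cookie_checker_init(&wg->cookie_checker, wg);` is discarded, while the line removed in a later hunk assigned it to `ret` and jumped to `error_8` on failure. This view is limited to src/device.c, so the new prototype is not visible: if the function can still fail, the failure is now silent and the device would come up with an uninitialised cookie checker. If it was changed to return void and to own no resources (both `cookie_checker_uninit()` calls are removed), a comment at the call such as `/* cannot fail and needs no teardown */` would make that explicit. The body of newlink() extends beyond the hunk on both sides.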
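Review bot: In the last newlink() hunk (`@@ -368,8 +370,8 @@`), `ratelimiter_uninit();` sits inside the `#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)` block together with the `error_9:` label, so on 4.12 and later no error path in newlink() undoes the `ratelimiter_init()` added in the `@@ -353,7 +355,7 @@` hunk. Both functions take no device argument and so appear to manage state shared by all interfaces, where an unbalanced init/uninit pair would leak that state or release it while another interface still depends on it. Presumably newer kernels run destruct() when registration fails, and destruct() now calls `ratelimiter_uninit()`. If that is the intent, a comment above the guard would document it, for example `/* >= 4.12: a failed register_netdevice() runs destruct(), which calls ratelimiter_uninit() */`. The code that jumps to `error_9` is outside the hunk, so this could not be confirmed from here.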