data: big refactoring

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-03-15 19:20:58 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2017-03-20 01:02:06 +0100
commit: 2e6e03366543069811c9ea189340a73cd000a29b (patch)
tree: d3fcd8e802587ee94dafb01ce3c5b56b97710528 /src/ratelimiter.c
parent: 05acbf5bbbf5f6a377dc001ac945ea8e214c87b8 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ratelimiter.c b/src/ratelimiter.c
index 12282fd..ab8f93d 100644
--- a/src/ratelimiter.c
+++ b/src/ratelimiter.c
@@ -25,7 +25,7 @@ static inline void cfg_init(struct hashlimit_cfg1 *cfg, int family)
 		cfg->srcmask = 32;
 	else if (family == NFPROTO_IPV6)
 		cfg->srcmask = 96;
-	cfg->mode = XT_HASHLIMIT_HASH_SIP; /* source IP only -- we could also do source port by ORing this with XT_HASHLIMIT_HASH_SPT */
+	cfg->mode = XT_HASHLIMIT_HASH_SIP; /* source IP only -- we could also do source port by ORing this with XT_HASHLIMIT_HASH_SPT, but we don't really want to do that. It would also cause problems since we skb_pull early on, and hashlimit's nexthdr stuff isn't so nice. */
 	cfg->avg = XT_HASHLIMIT_SCALE / RATELIMITER_PACKETS_PER_SECOND; /* 30 per second per IP */
 	cfg->burst = RATELIMITER_PACKETS_BURSTABLE; /* Allow bursts of 5 at a time */
 	cfg->gc_interval = 1000; /* same as expiration date */
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-03-15 19:20:58 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-03-20 01:02:06 +0100
commit	2e6e03366543069811c9ea189340a73cd000a29b (patch)
tree	d3fcd8e802587ee94dafb01ce3c5b56b97710528 /src/ratelimiter.c
parent	05acbf5bbbf5f6a377dc001ac945ea8e214c87b8 (diff)