authorJason A. Donenfeld <Jason@zx2c4.com>2017-06-21 03:55:31 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2017-06-26 12:35:06 +0200
commit9eed02a30cf9c5ad36c94724ca3ac3b8f09cf7d2 (patch)
tree4f9a7cbdf4bb70f4d39126829e5098c71d706698 /src/ratelimiter.h
parenta0ce9edb0eea7316e3bfe6b5c45235ea34652010 (diff)
ratelimiter: rewrite from scratch
This not only removes the dependency on x_tables, but it also gives us much better performance and memory usage. Now, systems are able to have millions of WireGuard interfaces, without having to worry about a thundering herd of garbage collection. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/ratelimiter.h')
-rw-r--r--src/ratelimiter.h22
1 files changed, 4 insertions, 18 deletions
diff --git a/src/ratelimiter.h b/src/ratelimiter.h
index c4dc9a7..fed73f7 100644
--- a/src/ratelimiter.h
+++ b/src/ratelimiter.h
@@ -3,24 +3,10 @@
#ifndef RATELIMITER_H
#define RATELIMITER_H
-#include <uapi/linux/netfilter/xt_hashlimit.h>
+#include <linux/skbuff.h>
-struct wireguard_device;
-struct sk_buff;
-
-struct ratelimiter {
- struct net *net;
- struct xt_hashlimit_mtinfo1 v4_info;
-#if IS_ENABLED(CONFIG_IPV6)
- struct xt_hashlimit_mtinfo1 v6_info;
-#endif
-};
-
-int ratelimiter_init(struct ratelimiter *ratelimiter, struct wireguard_device *wg);
-void ratelimiter_uninit(struct ratelimiter *ratelimiter);
-bool ratelimiter_allow(struct ratelimiter *ratelimiter, struct sk_buff *skb);
-
-int ratelimiter_module_init(void);
-void ratelimiter_module_deinit(void);
+int ratelimiter_init(void);
+void ratelimiter_uninit(void);
+bool ratelimiter_allow(struct sk_buff *skb, struct net *net);
#endif
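Review bot: The three new prototypes in ratelimiter.h carry no comment stating their contract, and with the per-device `struct ratelimiter` argument gone the header no longer shows who owns the limiter state or how often `ratelimiter_init()` may be called. Since `ratelimiter_allow` appears to be the gate callers use to shed excess packets, I would document the return values so a caller cannot get the polarity wrong or ignore a failed init, for example `/* Returns true if skb may be processed, false if it should be dropped. */` above `ratelimiter_allow` (assuming that is the intended meaning; the implementation is not in this hunk), plus a line on whether init/uninit calls must be balanced. Separately, the prototype names `struct net` but the removed forward declarations are not replaced; unless `<linux/skbuff.h>` is guaranteed to declare it, add `struct net;` before the prototypes so the header stays self-contained.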