From patchwork Wed Aug 19 19:18:25 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pablo Neira Ayuso <pablo@netfilter.org>
X-Patchwork-Id: 508819
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id D79A8140772
	for <patchwork-incoming@ozlabs.org>;
	Thu, 20 Aug 2015 05:13:31 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752005AbbHSTMs (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Wed, 19 Aug 2015 15:12:48 -0400
Received: from mail.us.es ([193.147.175.20]:44914 "EHLO mail.us.es"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751898AbbHSTMq (ORCPT <rfc822;netdev@vger.kernel.org>);
	Wed, 19 Aug 2015 15:12:46 -0400
Received: (qmail 9965 invoked from network); 19 Aug 2015 21:12:45 +0200
Received: from unknown (HELO us.es) (192.168.2.15)
	by us.es with SMTP; 19 Aug 2015 21:12:45 +0200
Received: (qmail 502 invoked by uid 507); 19 Aug 2015 19:12:45 -0000
X-Qmail-Scanner-Diagnostics: from 127.0.0.1 by antivirus5 (envelope-from
	<pablo@netfilter.org>, uid 501) with qmail-scanner-2.10
	(clamdscan: 0.98.7/20809. spamassassin: 3.4.0.  
	Clear:RC:1(127.0.0.1):SA:0(-102.8/7.5):.
	Processed in 1.872791 secs); 19 Aug 2015 19:12:45 -0000
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on antivirus5
X-Spam-Level: 
X-Spam-Status: No, score=-102.8 required=7.5 tests=BAYES_50,RDNS_NONE,
	SMTPAUTH_US,USER_IN_WHITELIST autolearn=disabled version=3.4.0
X-Spam-ASN: AS18647 69.84.240.0/20
X-Envelope-From: pablo@netfilter.org
Received: from unknown (HELO antivirus5) (127.0.0.1)
	by us.es with SMTP; 19 Aug 2015 19:12:43 -0000
Received: from 192.168.1.13 (192.168.1.13)
	by antivirus5 (F-Secure/fsigk_smtp/412/antivirus5);
	Wed, 19 Aug 2015 21:12:43 +0200 (CEST)
X-Virus-Status: clean(F-Secure/fsigk_smtp/412/antivirus5)
Received: (qmail 17329 invoked from network); 19 Aug 2015 21:12:43 +0200
Received: from unknown (HELO salvia.event.rightround.com)
	(pneira@us.es@69.84.245.29)
	by mail.us.es with SMTP; 19 Aug 2015 21:12:43 +0200
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 09/15] netfilter: nft_limit: constant token cost per packet
Date: Wed, 19 Aug 2015 21:18:25 +0200
Message-Id: <1440011911-4359-10-git-send-email-pablo@netfilter.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1440011911-4359-1-git-send-email-pablo@netfilter.org>
References: <1440011911-4359-1-git-send-email-pablo@netfilter.org>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

The cost per packet can be calculated from the control plane path since this
doesn't ever change.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_limit.c |   25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c
index d8c5ff1..b418698 100644
--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@@ -98,13 +98,18 @@ nla_put_failure:
 	return -1;
 }
 
+struct nft_limit_pkts {
+	struct nft_limit	limit;
+	u64			cost;
+};
+
 static void nft_limit_pkts_eval(const struct nft_expr *expr,
 				struct nft_regs *regs,
 				const struct nft_pktinfo *pkt)
 {
-	struct nft_limit *priv = nft_expr_priv(expr);
+	struct nft_limit_pkts *priv = nft_expr_priv(expr);
 
-	if (nft_limit_eval(priv, div_u64(priv->nsecs, priv->rate)))
+	if (nft_limit_eval(&priv->limit, priv->cost))
 		regs->verdict.code = NFT_BREAK;
 }
 
@@ -118,22 +123,28 @@ static int nft_limit_pkts_init(const struct nft_ctx *ctx,
 			       const struct nft_expr *expr,
 			       const struct nlattr * const tb[])
 {
-	struct nft_limit *priv = nft_expr_priv(expr);
+	struct nft_limit_pkts *priv = nft_expr_priv(expr);
+	int err;
 
-	return nft_limit_init(priv, tb);
+	err = nft_limit_init(&priv->limit, tb);
+	if (err < 0)
+		return err;
+
+	priv->cost = div_u64(priv->limit.nsecs, priv->limit.rate);
+	return 0;
 }
 
 static int nft_limit_pkts_dump(struct sk_buff *skb, const struct nft_expr *expr)
 {
-	const struct nft_limit *priv = nft_expr_priv(expr);
+	const struct nft_limit_pkts *priv = nft_expr_priv(expr);
 
-	return nft_limit_dump(skb, priv);
+	return nft_limit_dump(skb, &priv->limit);
 }
 
 static struct nft_expr_type nft_limit_type;
 static const struct nft_expr_ops nft_limit_pkts_ops = {
 	.type		= &nft_limit_type,
-	.size		= NFT_EXPR_SIZE(sizeof(struct nft_limit)),
+	.size		= NFT_EXPR_SIZE(sizeof(struct nft_limit_pkts)),
 	.eval		= nft_limit_pkts_eval,
 	.init		= nft_limit_pkts_init,
 	.dump		= nft_limit_pkts_dump,