Create a unique hashtable for each instance of a per-IP rate limit

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-02-17 15:34:14 -08:00
parent b8fc1a9b22
commit 579f4d4698


@ -262,6 +262,7 @@ our $chainseq;
our $idiotcount; our $idiotcount;
our $idiotcount1; our $idiotcount1;
our $warningcount; our $warningcount;
our $hashlimitset;
our $global_variables; our $global_variables;
@ -373,6 +374,7 @@ sub initialize( $ ) {
$idiotcount = 0; $idiotcount = 0;
$idiotcount1 = 0; $idiotcount1 = 0;
$warningcount = 0; $warningcount = 0;
$hashlimitset = 0;
# #
# The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined. # The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined.
# #
@ -2030,12 +2032,12 @@ sub do_ratelimit( $$ ) {
if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) { if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
$limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name "; $limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall'; $limit .= $2 ? $2 : 'shorewall' . $hashlimitset++;
$limit .= ' --hashlimit-mode '; $limit .= ' --hashlimit-mode ';
$units = $5; $units = $5;
} elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) { } elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) {
$limit .= "--$match $3 --hashlimit-name "; $limit .= "--$match $3 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall'; $limit .= $2 ? $2 : 'shorewall' . $hashlimitset++;
$limit .= ' --hashlimit-mode '; $limit .= ' --hashlimit-mode ';
$units = $5; $units = $5;
} else { } else {
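Review bot: The default table names built on the two changed `--hashlimit-name` lines (`'shorewall' . $hashlimitset++`) live in the same namespace as user-supplied names, because the `(\w*)` capture in both patterns accepts a name such as `shorewall0`. A rule that names its table that way would presumably end up on the same hashlimit table as an unnamed rule, so two per-IP limits would count against each other, which is the sharing this change sets out to remove. Since `\w` never matches `-`, writing the default as `'shorewall-' . $hashlimitset++` in both branches would keep generated names out of reach of configured ones; rejecting configured names that match `/^shorewall\d+$/` is the alternative. Separately, `$2 ? $2 : ...` treats a configured name of `0` as absent; `defined $2 && length $2` states the intent more exactly. The body of do_ratelimit starts and ends outside the hunk, so any name validation done elsewhere is not visible here.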