From c545e65cea69d91b299988bc09757bc9dd0af995 Mon Sep 17 00:00:00 2001
From: teastep
Date: Tue, 7 Apr 2009 03:23:01 +0000
Subject: [PATCH] First part of 'hashlimit' implemenation
Signed-off-by: Tom Eastep
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9826 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/Perl/Shorewall/Chains.pm | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index f3f0af5f4..4232521b1 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1530,8 +1530,27 @@ sub do_ratelimit( $$ ) {
 return '' unless $rate and $rate ne '-';
 fatal_error "Rate Limiting not available with $action" if $norate{$action};
+ #
+ # "-m hashlimit" match for the passed LIMIT/BURST
+ #
+ if ( $rate =~ /^[sd]:{1,2}/ ) {
+ my $limit = "-m hashlimit ";
+ if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
+ $limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name ";
+ $limit .= $2 ? $2 : 'shorewall';
+ $limit .= ' --hashlimit-mode ';
+ if ( $rate =~ /^s:/ ) { $limit .= "srcip "; } else { $limit .= "dstip "; }
+ } elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) {
+ $limit .= "--hashlimit $3 --hashlimit-name ";
+ $limit .= $2 ? $2 : 'shorewall';
+ $limit .= ' --hashlimit-mode ';
+ if ( $rate =~ /^s:/ ) { $limit .= "srcip "; } else { $limit .= "dstip "; }
+ } else {
+ fatal_error "Invalid rate ($rate)";
+ }
- if ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
+ $limit;
+ } elsif ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
 "-m limit --limit $1 --limit-burst $4 ";
 } elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) {
 "-m limit --limit $rate ";
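Review bot: Every hashlimit rule that omits a name falls back to the same `--hashlimit-name shorewall` (both `$limit .= $2 ? $2 : 'shorewall';` lines), and as far as I know the kernel looks hashlimit tables up by name, so unrelated rules, `srcip` and `dstip` ones alike, would share one table instead of each enforcing its own limit. A default that at least differs by mode would avoid the worst of that, for example `$limit .= ( defined $2 && length $2 ) ? $2 : ( $rate =~ /^s:/ ? 'shorewallsrc' : 'shorewalldst' );` (the two default names are illustrative), or the name could be made mandatory whenever more than one rate is configured. The `defined`/`length` test also keeps a user-supplied name of `0` from being silently replaced by the default, which the plain truthiness test does today. `\w*` puts no upper bound on the name, so an over-long name would presumably only be rejected when the generated rule is loaded; a bounded quantifier would turn that into a clear `fatal_error` at compile time. do_ratelimit begins above this hunk and continues below it.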