patch-2.4.25 linux-2.4.25/net/ipv4/netfilter/ipt_limit.c

• Lines: 38
• Date: 2004-02-18 05:36:32.000000000 -0800
• Orig file: linux-2.4.24/net/ipv4/netfilter/ipt_limit.c
• Orig date: 2001-09-30 12:26:08.000000000 -0700

diff -urN linux-2.4.24/net/ipv4/netfilter/ipt_limit.c linux-2.4.25/net/ipv4/netfilter/ipt_limit.c
@@ -34,12 +34,23 @@
 
    See Alexey's formal explanation in net/sched/sch_tbf.c.
 
-   To avoid underflow, we multiply by 128 (ie. you get 128 credits per
-   jiffy).  Hence a cost of 2^32-1, means one pass per 32768 seconds
-   at 1024HZ (or one every 9 hours).  A cost of 1 means 12800 passes
-   per second at 100HZ.  */
+   To get the maxmum range, we multiply by this factor (ie. you get N
+   credits per jiffy).  We want to allow a rate as low as 1 per day
+   (slowest userspace tool allows), which means
+   CREDITS_PER_JIFFY*HZ*60*60*24 < 2^32. ie. */
+#define MAX_CPJ (0xFFFFFFFF / (HZ*60*60*24))
+
+/* Repeated shift and or gives us all 1s, final shift and add 1 gives
+ * us the power of 2 below the theoretical max, so GCC simply does a
+ * shift. */
+#define _POW2_BELOW2(x) ((x)|((x)>>1))
+#define _POW2_BELOW4(x) (_POW2_BELOW2(x)|_POW2_BELOW2((x)>>2))
+#define _POW2_BELOW8(x) (_POW2_BELOW4(x)|_POW2_BELOW4((x)>>4))
+#define _POW2_BELOW16(x) (_POW2_BELOW8(x)|_POW2_BELOW8((x)>>8))
+#define _POW2_BELOW32(x) (_POW2_BELOW16(x)|_POW2_BELOW16((x)>>16))
+#define POW2_BELOW32(x) ((_POW2_BELOW32(x)>>1) + 1)
 
-#define CREDITS_PER_JIFFY 128
+#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
 
 static int
 ipt_limit_match(const struct sk_buff *skb,
@@ -97,7 +108,7 @@
 	/* Check for overflow. */
 	if (r->burst == 0
 	    || user2credits(r->avg * r->burst) < user2credits(r->avg)) {
-		printk("Call rusty: overflow in ipt_limit: %u/%u\n",
+		printk("Overflow in ipt_limit, try lower: %u/%u\n",
 		       r->avg, r->burst);
 		return 0;
 	}