From 06733b885c35e5bf83505d064c55ccdda848ac01 Mon Sep 17 00:00:00 2001 From: xchaos Date: Mon, 18 Nov 2013 13:18:52 +0000 Subject: [PATCH] there seems to be hardcoded maximum limit 10000 packets/sec in iptables git-svn-id: https://dev.arachne.cz/repos/prometheus/trunk@233 251d49ef-1d17-4917-a970-b30cf55b089b --- parsehosts.c | 9 +++++++-- prometheus.c | 19 ++++++++++++------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/parsehosts.c b/parsehosts.c index 5014ffb..9ae1d81 100644 --- a/parsehosts.c +++ b/parsehosts.c @@ -258,10 +258,15 @@ void parse_hosts(char *hosts) ip->max = ip->min; } } - + /* MTU is 1450 bytes = 11600 bits ~= 12 kbit, max is in kb/s */ ip->pps_limit = ip->max/12; - ip->mark = FIRSTIPCLASS+1+class_count++; + if(ip->pps_limit > 10000) /* this limit seems to be hardcoded in iptables */ + { + ip->pps_limit = 0; /* do not apply packet limits */ + } + + ip->mark = FIRSTIPCLASS+1+class_count++; update_network(ip->addr, ip); if_exists(group,groups,(group->min == ip->min)) diff --git a/prometheus.c b/prometheus.c index c88857b..279da9b 100644 --- a/prometheus.c +++ b/prometheus.c @@ -1127,16 +1127,24 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version); chain_postrouting="POSTROUTING"; } + /* packet limits - this will be optional in future, hardcoded for now */ + if(ip->pps_limit) + { + sprintf(limit_pkts, "-m limit --limit %d/s ", ip->pps_limit); + } + else + { + *limit_pkts = 0; + } + #ifdef DEBUG - printf("%-22s %-16s %04d ", ip->name, ip->addr, ip->mark); + printf("%-22s %-16s %04d %d/s\n", ip->name, ip->addr, ip->mark, ip->pps_limit); #endif - /* -------------------------------------------------------- mark download */ - + /* -------------------------------------------------------- mark download */ sprintf(str, "-A %s -d %s/%d -o %s -j %s%d", chain_postrouting, ip->addr, 32*(1+ip->v6), lan, mark_iptables, ip->mark); - /* -m limit --limit 1/s */ iptables_save_line(str, ip->v6); if(qos_proxy) 
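Review bot: In the parsehosts.c hunk, `ip->pps_limit = ip->max/12;` is integer division, so a host whose `ip->max` is below 12 already ends up with `pps_limit == 0`, and this commit makes 0 mean "do not apply packet limits" in prometheus.c. The slowest classes would then lose their packet limit just like the ones above 10000, which is a fail-open result for the hosts that are meant to be most restricted. If that is not intended, clamp the low end before the new check, for example `if(ip->pps_limit < 1) ip->pps_limit = 1;`. Giving 10000 a name (a proposed `#define MAX_PPS_LIMIT 10000`) would also document the iptables bound in one place. Whether `ip->max` can be that small depends on parsing code outside this hunk, and parse_hosts itself starts and ends outside it.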
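Review bot: In the first prometheus.c hunk, the new `sprintf(limit_pkts, "-m limit --limit %d/s ", ip->pps_limit);` writes into a buffer whose size is not visible here, and only the 10000 cap applied in parsehosts.c keeps the output short. Assuming `limit_pkts` is an array in scope, `snprintf(limit_pkts, sizeof(limit_pkts), "-m limit --limit %d/s ", ip->pps_limit);` keeps the generated rule fragment bounded even if pps_limit is later set elsewhere. The guard `if(ip->pps_limit)` is also true for negative values, which would emit `--limit -N/s` into the saved ruleset; `if(ip->pps_limit > 0)` states the intent. The enclosing function starts and ends outside the hunk.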
@@ -1147,9 +1155,6 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version); iptables_save_line(str, ip->v6); } - /* this will be optional in future - hardcoded for now*/ - sprintf(limit_pkts,"-m limit --limit %d/s ", ip->pps_limit); - sprintf(str, "-A %s -d %s/%d -o %s %s-j ACCEPT", chain_postrouting, ip->addr, 32*(1+ip->v6), lan, limit_pkts); iptables_save_line(str, ip->v6); -- 2.30.2