doxygen/reflect__filter_8h_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single TCP/UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2022-2024 OpenVPN Inc <sales@openvpn.net>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, write to the Free Software Foundation, Inc.,

 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

 */

#ifndef REFLECT_FILTER_H

#define REFLECT_FILTER_H


#include <limits.h>


struct initial_packet_rate_limit {

    int64_t max_per_period;


    int period_length;


    int64_t curr_period_counter;


    /* Last time we reset our timer */

    time_t last_period_reset;


    /* we want to warn once per period that packets are being started to

     * be dropped */

    bool warning_displayed;

};

struct initial_packet_rate_limit {…};


bool

reflect_filter_rate_limit_check(struct initial_packet_rate_limit *irl);


void

reflect_filter_rate_limit_decrease(struct initial_packet_rate_limit *irl);


struct initial_packet_rate_limit *

initial_rate_limit_init(int max_per_period, int period_length);


void initial_rate_limit_free(struct initial_packet_rate_limit *irl);

#endif /* ifndef REFLECT_FILTER_H */

reflect_filter_rate_limit_decrease
void reflect_filter_rate_limit_decrease(struct initial_packet_rate_limit *irl)
decreases the counter of initial packets seen, so connections that successfully completed the three-w...
Definition reflect_filter.c:76

initial_rate_limit_free
void initial_rate_limit_free(struct initial_packet_rate_limit *irl)
free the initial-packet rate limiter structure
Definition reflect_filter.c:102

initial_rate_limit_init
struct initial_packet_rate_limit * initial_rate_limit_init(int max_per_period, int period_length)
allocate and initialize the initial-packet rate limiter structure
Definition reflect_filter.c:86

reflect_filter_rate_limit_check
bool reflect_filter_rate_limit_check(struct initial_packet_rate_limit *irl)
checks if the connection is still allowed to connect under the rate limit.
Definition reflect_filter.c:43

initial_packet_rate_limit
struct that handles all the rate limiting logic for initial responses
Definition reflect_filter.h:30

initial_packet_rate_limit::max_per_period
int64_t max_per_period
This is a hard limit for packets per seconds.
Definition reflect_filter.h:32

initial_packet_rate_limit::last_period_reset
time_t last_period_reset
Definition reflect_filter.h:42

initial_packet_rate_limit::period_length
int period_length
period length in seconds
Definition reflect_filter.h:35

initial_packet_rate_limit::curr_period_counter
int64_t curr_period_counter
Number of packets in the current period.
Definition reflect_filter.h:39

initial_packet_rate_limit::warning_displayed
bool warning_displayed
Definition reflect_filter.h:46