OpenVPN
reflect_filter.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2022-2023 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 #ifndef REFLECT_FILTER_H
24 #define REFLECT_FILTER_H
25 
26 #include <limits.h>
27 
30 struct initial_packet_rate_limit {
32  int64_t max_per_period;
33 
35  int period_length;
36 
39  int64_t curr_period_counter;
40 
41  /* Last time we reset our timer */
42  time_t last_period_reset;
43 
44  /* we want to warn once per period that packets are being started to
45  * be dropped */
46  bool warning_displayed;
47 };
48 
49 
54 bool
55 reflect_filter_rate_limit_check(struct initial_packet_rate_limit *irl);
56 
62 void
63 reflect_filter_rate_limit_decrease(struct initial_packet_rate_limit *irl);
64 
68 struct initial_packet_rate_limit *
69 initial_rate_limit_init(int max_per_period, int period_length);
70 
74 void initial_rate_limit_free(struct initial_packet_rate_limit *irl);
75 #endif /* ifndef REFLECT_FILTER_H */
initial_packet_rate_limit
struct that handles all the rate limiting logic for initial responses
Definition: reflect_filter.h:30
initial_packet_rate_limit::period_length
int period_length
period length in seconds
Definition: reflect_filter.h:35
initial_rate_limit_init
struct initial_packet_rate_limit * initial_rate_limit_init(int max_per_period, int period_length)
allocate and initialize the initial-packet rate limiter structure
Definition: reflect_filter.c:86
initial_packet_rate_limit::curr_period_counter
int64_t curr_period_counter
Number of packets in the current period.
Definition: reflect_filter.h:39
reflect_filter_rate_limit_decrease
void reflect_filter_rate_limit_decrease(struct initial_packet_rate_limit *irl)
decreases the counter of initial packets seen, so connections that successfully completed the three-w...
Definition: reflect_filter.c:76
reflect_filter_rate_limit_check
bool reflect_filter_rate_limit_check(struct initial_packet_rate_limit *irl)
checks if the connection is still allowed to connect under the rate limit.
Definition: reflect_filter.c:43
initial_packet_rate_limit::last_period_reset
time_t last_period_reset
Definition: reflect_filter.h:42
initial_packet_rate_limit::warning_displayed
bool warning_displayed
Definition: reflect_filter.h:46
initial_rate_limit_free
void initial_rate_limit_free(struct initial_packet_rate_limit *irl)
free the initial-packet rate limiter structure
Definition: reflect_filter.c:102
initial_packet_rate_limit::max_per_period
int64_t max_per_period
This is a hard limit for packets per seconds.
Definition: reflect_filter.h:32
Generated by   doxygen 1.8.17