more DoS prevention: add packet_limit option to apply a hard limit to downstream...

[l2tpns.git] / l2tpns.h

diff --git a/l2tpns.h b/l2tpns.h
index 5245948..f27f02e 100644 (file)
--- a/l2tpns.h
+++ b/l2tpns.h
@@ -1,5 +1,5 @@
 // L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.51 2005-01-07 07:17:13 bodea Exp $
+// $Id: l2tpns.h,v 1.52 2005-01-10 07:17:37 bodea Exp $
 
 #ifndef __L2TPNS_H__
 #define __L2TPNS_H__
@@ -228,8 +228,14 @@ sessiont;
 
 typedef struct
 {
+       // byte counters
        uint32_t cin;
        uint32_t cout;
+
+       // DoS prevention
+       clockt last_packet_out;
+       uint32_t packets_out;
+       uint32_t packets_dropped;
 } sessioncountt;
 
 #define        SESSIONPFC      1       // PFC negotiated flags
@@ -333,6 +339,7 @@ struct Tstats
     uint32_t   tun_tx_bytes;
     uint32_t   tun_rx_errors;
     uint32_t   tun_tx_errors;
+    uint32_t   tun_rx_dropped;
 
     uint32_t   tunnel_rx_packets;
     uint32_t   tunnel_tx_packets;
@@ -470,7 +477,8 @@ typedef struct
        int             next_tbf;                       // Next HTB id available to use
        int             scheduler_fifo;                 // If the system has multiple CPUs, use FIFO scheduling policy for this process.
        int             lock_pages;                     // Lock pages into memory.
-       int             icmp_rate;                      // Max number of ICMP unreachable per second to send>
+       int             icmp_rate;                      // Max number of ICMP unreachable per second to send
+       int             max_packets;                    // DoS prevention: per session limit of packets/0.1s
 
        in_addr_t       cluster_address;                // Multicast address of cluster.
                                                        // Send to this address to have everyone hear.