What do the fields in /proc/net/ipt_hashlimit/FILE mean?
These files are created upon iptables -A CHAIN -m hashlimit--hashlimit-name FILE [...]
[...] 9 198.51.100.23:0->0.0.0.0:0 80000 80000 160 [...]
The first column shows the time in seconds when the entry of the hashlimit will be removed by the garbage collection, if there are no matched packets for the rule.
The second column is based upon the mode you specify with --hashlimit-mode
In this case it is srcip. It shows the srcip here.
What are the meaning of columns 3,4 and 5?
答案1
基于 C 结构 (net/ipv4/netfilter/ipt_hashlimit.c) 和各种注释:
struct {
unsigned long prev; /* last modification */
u_int32_t credit;
u_int32_t credit_cap, cost;
} rateinfo;
似乎字段 3 到 5 具有以下含义:
- 3 是当前的“信用”(每 jiffy 重新增加 1)
- 4 是信用上限(成本 * “--hashlimit-burst”的设置)
- 5是成本(即每次规则匹配时减少多少信用)
如果信用值变为 0,则哈希条目已超出限制。
例如 :
8 A.B.C.D:0->0.0.0.0:0 6400 6400 1280
积分为 6400(满分 6400),每场比赛花费 1280。这基本上意味着该条目已补充其全部积分并且表现良好。