Don't use modules

Feel free to revert this if you have a strong feeling about it. But so
far as I can see, it adds a lot of complexity for basically no upsides.

ratelimiter.go

@@ -0,0 +1,149 @@
+package main
+
+/* Copyright (C) 2015-2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */
+
+/* This file contains a port of the rate-limiter from the linux kernel version */
+
+import (
+	"net"
+	"sync"
+	"time"
+)
+
+const (
+	packetsPerSecond   = 20
+	packetsBurstable   = 5
+	garbageCollectTime = time.Second
+	packetCost         = 1000000000 / packetsPerSecond
+	maxTokens          = packetCost * packetsBurstable
+)
+
+type RatelimiterEntry struct {
+	mutex    sync.Mutex
+	lastTime time.Time
+	tokens   int64
+}
+
+type Ratelimiter struct {
+	mutex     sync.RWMutex
+	stop      chan struct{}
+	tableIPv4 map[[net.IPv4len]byte]*RatelimiterEntry
+	tableIPv6 map[[net.IPv6len]byte]*RatelimiterEntry
+}
+
+func (rate *Ratelimiter) Close() {
+	rate.mutex.Lock()
+	defer rate.mutex.Unlock()
+
+	if rate.stop != nil {
+		close(rate.stop)
+	}
+}
+
+func (rate *Ratelimiter) Init() {
+	rate.mutex.Lock()
+	defer rate.mutex.Unlock()
+
+	// stop any ongoing garbage collection routine
+
+	if rate.stop != nil {
+		close(rate.stop)
+	}
+
+	rate.stop = make(chan struct{})
+	rate.tableIPv4 = make(map[[net.IPv4len]byte]*RatelimiterEntry)
+	rate.tableIPv6 = make(map[[net.IPv6len]byte]*RatelimiterEntry)
+
+	// start garbage collection routine
+
+	go func() {
+		timer := time.NewTimer(time.Second)
+		for {
+			select {
+			case <-rate.stop:
+				return
+			case <-timer.C:
+				func() {
+					rate.mutex.Lock()
+					defer rate.mutex.Unlock()
+
+					for key, entry := range rate.tableIPv4 {
+						entry.mutex.Lock()
+						if time.Now().Sub(entry.lastTime) > garbageCollectTime {
+							delete(rate.tableIPv4, key)
+						}
+						entry.mutex.Unlock()
+					}
+
+					for key, entry := range rate.tableIPv6 {
+						entry.mutex.Lock()
+						if time.Now().Sub(entry.lastTime) > garbageCollectTime {
+							delete(rate.tableIPv6, key)
+						}
+						entry.mutex.Unlock()
+					}
+				}()
+				timer.Reset(time.Second)
+			}
+		}
+	}()
+}
+
+func (rate *Ratelimiter) Allow(ip net.IP) bool {
+	var entry *RatelimiterEntry
+	var KeyIPv4 [net.IPv4len]byte
+	var KeyIPv6 [net.IPv6len]byte
+
+	// lookup entry
+
+	IPv4 := ip.To4()
+	IPv6 := ip.To16()
+
+	rate.mutex.RLock()
+
+	if IPv4 != nil {
+		copy(KeyIPv4[:], IPv4)
+		entry = rate.tableIPv4[KeyIPv4]
+	} else {
+		copy(KeyIPv6[:], IPv6)
+		entry = rate.tableIPv6[KeyIPv6]
+	}
+
+	rate.mutex.RUnlock()
+
+	// make new entry if not found
+
+	if entry == nil {
+		rate.mutex.Lock()
+		entry = new(RatelimiterEntry)
+		entry.tokens = maxTokens - packetCost
+		entry.lastTime = time.Now()
+		if IPv4 != nil {
+			rate.tableIPv4[KeyIPv4] = entry
+		} else {
+			rate.tableIPv6[KeyIPv6] = entry
+		}
+		rate.mutex.Unlock()
+		return true
+	}
+
+	// add tokens to entry
+
+	entry.mutex.Lock()
+	now := time.Now()
+	entry.tokens += now.Sub(entry.lastTime).Nanoseconds()
+	entry.lastTime = now
+	if entry.tokens > maxTokens {
+		entry.tokens = maxTokens
+	}
+
+	// subtract cost of packet
+
+	if entry.tokens > packetCost {
+		entry.tokens -= packetCost
+		entry.mutex.Unlock()
+		return true
+	}
+	entry.mutex.Unlock()
+	return false
+}