From: Stephen Frost <sfrost@snowman.net>
To: Netfilter Devel List <netfilter-devel@lists.samba.org>
Subject: ipt_recent-0.2.1 [PATCH]
Date: Tue, 18 Jun 2002 00:34:39 -0400 [thread overview]
Message-ID: <20020618043438.GV9519@ns> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 2118 bytes --]
Hey all,
Version 0.2.1 of my ipt_recent module has been up and running on my
production firewall for over a week now (8 days) and I've gotten
reports from other people that they're using the module and everything
is working. Since I havn't had any bug reports and everything has
been working fine for me I'm submitting this patch against the current
netfilter tree to bring ipt_recent up to the current version in the
CVS tree. Harald, as opportunity allows I'd appriciate having this
patch incorporated into the netfilter tree. Following is the
ChangeLog:
Big Changes:
- The module is now hash-based for lookups and a sorted list is
maintained for finding the oldest address in the list (which will be
replaced by the newest once the table is full).
- Multiple tables supported now
- /proc/net/ipt_recent is now a directory where each file is a table
- Source and Destination address matching ability, per table.
- Alot of printk's for debugging, if you turn it on.
- Finer grained locking; locks for a short time to locate the table to
perform the match on and then locks that table and unlocks the
overall lock; so, speed increase with multiple tables for SMP
systems, though I think you'd have to throw alot at the system to
really notice..
- Changed basically everything to use vmalloc's instead of kmalloc;
mallocs of any kind are only done when the module is inserted or a
new table is created so there isn't any reason to use kalloc.
Smaller Changes:
- Fixed argument processing
- Changed method used to clear out a table (echo "clear" > table now)
- Updated documentation for changes
- Increased default table size to 100 since table size affects
performance much, much, much less now.
- Cleaned up some of the formatting of the files
- Added versioning to the module
All in all I feel very comfortable with this module and look forward
to seeing the netfilter CVS version updated with all of the
improvments and the many bug fixes.
Any questions, comments, please feel free to contact me.
Thanks,
Stephen
[-- Attachment #1.2: ipt_recent-0.2.1.patch.gz --]
[-- Type: application/octet-stream, Size: 8796 bytes --]
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
next reply other threads:[~2002-06-18 4:34 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-18 4:34 Stephen Frost [this message]
2002-06-21 17:17 ` ipt_recent-0.2.1 [PATCH] Harald Welte
2002-06-21 18:26 ` [PATCH] ipt_recent-0.2.2 Stephen Frost
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020618043438.GV9519@ns \
--to=sfrost@snowman.net \
--cc=netfilter-devel@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.