From: "Linus Lüssing" <linus.luessing@c0d3.blue>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netdev@vger.kernel.org, bridge@lists.linux-foundation.org,
Florian Westphal <fw@strlen.de>,
linux-kernel@vger.kernel.org, coreteam@netfilter.org,
netfilter-devel@vger.kernel.org,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
"David S . Miller" <davem@davemloft.net>
Subject: Re: [Bridge] [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state
Date: Mon, 4 Dec 2017 05:53:35 +0100 [thread overview]
Message-ID: <20171204045335.GE3307@otheros> (raw)
In-Reply-To: <20171127233008.GA1418@salvia>
Hi Pablo,
Thanks for your reply!
On Tue, Nov 28, 2017 at 12:30:08AM +0100, Pablo Neira Ayuso wrote:
> [...]
> > diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
> > index 61a9f1be1263..f74b48633feb 100644
> > --- a/net/bridge/netfilter/ebt_limit.c
> > +++ b/net/bridge/netfilter/ebt_limit.c
> > @@ -69,6 +69,10 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
> > {
> > struct ebt_limit_info *info = par->matchinfo;
> >
> > + /* Do not reset state on unrelated table changes */
> > + if (info->prev)
> > + return 0;
>
> What kernel version are you using? I suspect you don't have this
> applied?
I'm indeed using a 4.4.102 kernel, as LEDE is still in the process
of updating to 4.14. So 4.4 with LEDE is where I got the measurement
results from.
>
> commit ec23189049651b16dc2ffab35a4371dc1f491aca
> Author: Willem de Bruijn <willemb@google.com>
> Date: Mon Jan 2 17:19:46 2017 -0500
>
> xtables: extend matches and targets with .usersize
And so, no I do not have this patch. I looked at it now, but it
does not seem to have any relation with .matchinfo, does it?
I also had a quick look at a 4.15-rc1 kernel in a VM now. I still
end up in ebt_limit_mt_check() with the variables being reset
when editing the table somewhere.
Regards, Linus
WARNING: multiple messages have this Message-ID (diff)
From: "Linus Lüssing" <linus.luessing@c0d3.blue>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netdev@vger.kernel.org, bridge@lists.linux-foundation.org,
Florian Westphal <fw@strlen.de>,
linux-kernel@vger.kernel.org, coreteam@netfilter.org,
netfilter-devel@vger.kernel.org,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
"David S . Miller" <davem@davemloft.net>
Subject: Re: [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state
Date: Mon, 4 Dec 2017 05:53:35 +0100 [thread overview]
Message-ID: <20171204045335.GE3307@otheros> (raw)
In-Reply-To: <20171127233008.GA1418@salvia>
Hi Pablo,
Thanks for your reply!
On Tue, Nov 28, 2017 at 12:30:08AM +0100, Pablo Neira Ayuso wrote:
> [...]
> > diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
> > index 61a9f1be1263..f74b48633feb 100644
> > --- a/net/bridge/netfilter/ebt_limit.c
> > +++ b/net/bridge/netfilter/ebt_limit.c
> > @@ -69,6 +69,10 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
> > {
> > struct ebt_limit_info *info = par->matchinfo;
> >
> > + /* Do not reset state on unrelated table changes */
> > + if (info->prev)
> > + return 0;
>
> What kernel version are you using? I suspect you don't have this
> applied?
I'm indeed using a 4.4.102 kernel, as LEDE is still in the process
of updating to 4.14. So 4.4 with LEDE is where I got the measurement
results from.
>
> commit ec23189049651b16dc2ffab35a4371dc1f491aca
> Author: Willem de Bruijn <willemb@google.com>
> Date: Mon Jan 2 17:19:46 2017 -0500
>
> xtables: extend matches and targets with .usersize
And so, no I do not have this patch. I looked at it now, but it
does not seem to have any relation with .matchinfo, does it?
I also had a quick look at a 4.15-rc1 kernel in a VM now. I still
end up in ebt_limit_mt_check() with the variables being reset
when editing the table somewhere.
Regards, Linus
WARNING: multiple messages have this Message-ID (diff)
From: "Linus Lüssing" <linus.luessing@c0d3.blue>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Florian Westphal <fw@strlen.de>,
Stephen Hemminger <stephen@networkplumber.org>,
"David S . Miller" <davem@davemloft.net>,
coreteam@netfilter.org, bridge@lists.linux-foundation.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state
Date: Mon, 4 Dec 2017 05:53:35 +0100 [thread overview]
Message-ID: <20171204045335.GE3307@otheros> (raw)
In-Reply-To: <20171127233008.GA1418@salvia>
Hi Pablo,
Thanks for your reply!
On Tue, Nov 28, 2017 at 12:30:08AM +0100, Pablo Neira Ayuso wrote:
> [...]
> > diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
> > index 61a9f1be1263..f74b48633feb 100644
> > --- a/net/bridge/netfilter/ebt_limit.c
> > +++ b/net/bridge/netfilter/ebt_limit.c
> > @@ -69,6 +69,10 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
> > {
> > struct ebt_limit_info *info = par->matchinfo;
> >
> > + /* Do not reset state on unrelated table changes */
> > + if (info->prev)
> > + return 0;
>
> What kernel version are you using? I suspect you don't have this
> applied?
I'm indeed using a 4.4.102 kernel, as LEDE is still in the process
of updating to 4.14. So 4.4 with LEDE is where I got the measurement
results from.
>
> commit ec23189049651b16dc2ffab35a4371dc1f491aca
> Author: Willem de Bruijn <willemb@google.com>
> Date: Mon Jan 2 17:19:46 2017 -0500
>
> xtables: extend matches and targets with .usersize
And so, no I do not have this patch. I looked at it now, but it
does not seem to have any relation with .matchinfo, does it?
I also had a quick look at a 4.15-rc1 kernel in a VM now. I still
end up in ebt_limit_mt_check() with the variables being reset
when editing the table somewhere.
Regards, Linus
next prev parent reply other threads:[~2017-12-04 4:53 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-25 7:44 [Bridge] [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state Linus Lüssing
2017-11-25 7:44 ` Linus Lüssing
2017-11-27 23:30 ` [Bridge] " Pablo Neira Ayuso
2017-11-27 23:30 ` Pablo Neira Ayuso
2017-12-04 4:53 ` Linus Lüssing [this message]
2017-12-04 4:53 ` Linus Lüssing
2017-12-04 4:53 ` Linus Lüssing
2017-12-04 5:20 ` [Bridge] " Linus Lüssing
2017-12-04 10:13 ` Pablo Neira Ayuso
2017-12-07 0:26 ` Pablo Neira Ayuso
2017-12-07 0:26 ` Pablo Neira Ayuso
2017-12-07 0:26 ` Pablo Neira Ayuso
2017-12-08 5:46 ` [Bridge] " Linus Lüssing
2017-12-08 5:46 ` Linus Lüssing
2017-12-08 5:49 ` [Bridge] " Linus Lüssing
2017-12-08 5:49 ` Linus Lüssing
2017-12-08 5:49 ` Linus Lüssing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171204045335.GE3307@otheros \
--to=linus.luessing@c0d3.blue \
--cc=bridge@lists.linux-foundation.org \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=fw@strlen.de \
--cc=kadlec@blackhole.kfki.hu \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.