From: Patrick McHardy <kaber@trash.net>
To: Grant Coady <gcoady.lk@gmail.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Query: status of ipt_recent?
Date: Mon, 29 May 2006 01:25:28 +0200
Message-ID: <447A3168.4030308@trash.net>
In-Reply-To: <71bk725lasf680d0d94h79bbpanlap0hju@4ax.com>

Grant Coady wrote:
> On Sun, 28 May 2006 14:05:11 +0200, Patrick McHardy <kaber@trash.net> wrote:
>
>>The problem with the recent match is mostly that it's an offence
>>to the eyes and very hard to maintain, even small and simple patches
>>are hard to review. As far as I know it works fine if you forget
>>about a few corner cases, so I don't really see a reason for a
>>backport. Shouldn't be very hard though.
>
>
> I use 2.4.latest on firewall box and was using iptables --recent
> for web server traffic calming (on tiny pipe to 'net) by src_ip
> to prevent DoS by some users. I hadn't noticed memory leak,
> perhaps 'cos uptime max is in weeks, and I unload/reload ipt_recent
> 'cos firewall sets parameters (more entries, less history):
>
> report " reload --recent (250 x 2)"
> rmmod ipt_recent
> # see man iptables for this:
> modprobe ipt_recent ip_list_tot=250 ip_pkt_list_tot=2
>
> each time I fiddle with the iptables ruleset.

The leak only happens on an error path under very unlikely
circumstances.

> If the author has abandoned the thing I could reformat it, throw
> in some function calls to convert the spaghetti code to functions,
> make it easier to see the obfuscated control flow, and throw in
> some goto targets as well ;) (CodingStyle single exit)
>
> I'd hate to duplicate a work in progress.

Well, for 2.6 we have a replacement now. For 2.4 such a patch would
be too intrusive, so you would have to maintain it yourself out of
tree.

Thread overview: 5+ messages
2006-05-28 4:39 Query: status of ipt_recent? Grant Coady
2006-05-28 12:05 ` Patrick McHardy
2006-05-28 23:21 ` Grant Coady
2006-05-28 23:25 ` Patrick McHardy [this message]
2006-05-28 23:39 ` Grant Coady