From: Patrick McHardy <kaber@trash.net>
To: Msquared <1.list.netfilter@msquared.id.au>
Cc: hdemir@metu.edu.tr,
	Netfilter Development Mailinglist
	<netfilter-devel@lists.netfilter.org>,
	netfilter@lists.netfilter.org
Subject: Re: 'recent' matching when less than hitcount hits
Date: Fri, 29 Jun 2007 14:23:35 +0200
Message-ID: <4684F9C7.4080603@trash.net>
In-Reply-To: <20070628040348.GD31525@sliderule.msquared.com.au>

Msquared wrote:
> On Wed, Jun 27, 2007 at 11:07:38AM +0200, Patrick McHardy wrote:
>
>>> I seem to be having a problem where a rule with --hitcount is matching
>>> when there are fewer hits than is listed in the hitcount parameter.
>>
>> Which kernel version are you using?
>
> 2.4.22-1.2199.8.legacy.nptl
>
> On Wed, Jun 27, 2007 at 12:41:46PM +0300, hdemir@metu.edu.tr wrote:
>
>>> The rules are in a chain that is only hit for incoming SSH connections.
>>> EG: I have this rule in the INPUT chain:
>>>
>>>   -m tcp --dport 22 -j service-ssh
>>
>> You are sending all the traffic to the port 22. Use -m state --state
>> NEW, so that only new ssh connections can be updated.
>
> I already tried that, but it made no difference (perhaps because -m state
> --state ESTABLISHED,RELATED -j ACCEPT higher in the INPUT chain).
>
> Note from the iptables -vnL output that I showed that it only counted one
> hit on the --set rule and a number of hits on the --update rule.

I think I know what the reason is. My rewritten version of the recent
match matches if the current packet is the nth hit and in that case
doesn't note the entry. So you're only seeing n-1 entries in /proc.

Did the old version behave differently here?
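As an added illustration (not code from this thread and not the kernel's ipt_recent source), a small Python model of the --set/--update semantics described in the reply above: the current packet counts as a hit, the rule matches when it is the n-th hit inside the window, and in that case the entry is not noted, so the table shows n-1 stamps. The chain layout (a source's first connection goes through --set, later ones through --update --seconds S --hitcount N -j DROP), the address and the timestamps are constructed assumptions.

```python
"""Model of the 'recent' match behaviour described in the reply.
Constructed for illustration; it is not the kernel's xt_recent code."""
from collections import defaultdict


class RecentTable:
    """One 'recent' table: source address -> list of hit timestamps (seconds)."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        """--set: note this hit for src and match."""
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N, as the reply describes it:
        the current packet counts as a hit; if it is the N-th hit inside the
        window the rule matches and the entry is NOT noted, otherwise the hit
        is noted and the rule does not match."""
        if src not in self.stamps:
            return False                      # unknown source never matches
        window = [t for t in self.stamps[src] if now - t <= seconds]
        if len(window) + 1 >= hitcount:
            return True                       # n-th hit: match, nothing recorded
        self.stamps[src].append(now)
        return False

    def proc_view(self, src):
        """What the /proc listing of this table would show for src."""
        return list(self.stamps.get(src, []))


def simulate(times, seconds, hitcount, src="192.0.2.10"):
    """Feed connection attempts at the given times (constructed input).
    Assumed chain: the first attempt from a source goes through --set and is
    accepted; later attempts are judged by --update ... -j DROP.
    Returns (verdict per attempt, stamps left in the table)."""
    table = RecentTable()
    verdicts = []
    for i, t in enumerate(times):
        if i == 0:
            table.set(src, t)
            verdicts.append("ACCEPT")
        else:
            verdicts.append("DROP" if table.update(src, t, seconds, hitcount) else "ACCEPT")
    return verdicts, table.proc_view(src)


if __name__ == "__main__":
    # hitcount 3: the third attempt is dropped while only 2 stamps are listed
    print(simulate([0, 5, 10, 15], seconds=60, hitcount=3))
    # -> (['ACCEPT', 'ACCEPT', 'DROP', 'DROP'], [0, 5])
```

Comparing the verdict list with the stamps left in the table reproduces the observation in the thread: the drop happens on the n-th hit, but the table only ever lists n-1 entries. Attempts outside the --seconds window are not counted, so a source that pauses longer than the window starts over.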
