From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org,
coreteam@netfilter.org
Subject: Re: [PATCH] [connlimit] connlimit-above early loop termination
Date: Sun, 13 Feb 2011 13:53:17 -0500 [thread overview]
Message-ID: <4D58289D.5000801@linux.vnet.ibm.com> (raw)
In-Reply-To: <4D556B45.8030304@trash.net>
On 02/11/2011 12:00 PM, Patrick McHardy wrote:
> On 11.02.2011 17:22, Stefan Berger wrote:
>> The patch below introduces an early termination of the loop that is
>> counting matches. It terminates once the counter has exceeded the
>> threshold provided by the user. There's no point in continuing the loop
>> afterwards and looking at other entries.
>>
>> It plays together with the following code further below:
>>
>> return (connections> info->limit) ^ info->inverse;
>>
>> where connections is the result of the counted connection, which in turn
>> is the matches variable in the loop. So once
>>
>> -> matches = info->limit + 1
>> alias -> matches> info->limit
>> alias -> matches> threshold
>>
>> we can terminate the loop.
>>
> Applied, thanks Stefan.
I am currently creating a derivative of this module for a slightly
different purpose. While testing that one and not using the -m state
--state -NEW in front of the -m connlimit, I saw that that shortcut
doesn't work properly but keeps on adding entries into the list. So,
unfortunately I have to withdraw that patch. I apologize and I'll send a
patch for this.
Regards,
Stefan
prev parent reply other threads:[~2011-02-13 18:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-11 16:22 [PATCH] [connlimit] connlimit-above early loop termination Stefan Berger
2011-02-11 17:00 ` Patrick McHardy
2011-02-13 18:53 ` Stefan Berger [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D58289D.5000801@linux.vnet.ibm.com \
--to=stefanb@linux.vnet.ibm.com \
--cc=coreteam@netfilter.org \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.