From: Tim Gardner <timg@tpi.com>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: kaber@trash.net, netfilter-devel@vger.kernel.org
Subject: Re: iptables pull request, add XT_RECENT_REAP support
Date: Wed, 17 Mar 2010 14:26:52 -0600 [thread overview]
Message-ID: <4BA13B0C.2030301@tpi.com> (raw)
In-Reply-To: <alpine.LSU.2.01.1003172021450.16169@obet.zrqbmnf.qr>
On 03/17/2010 02:13 PM, Jan Engelhardt wrote:
>
> On Wednesday 2010-03-17 19:48, Tim Gardner wrote:
>>
>> @@ -36,6 +37,7 @@ static void recent_help(void)
>> " --hitcount hits For check and update commands above.\n"
>> " Specifies that the match will only occur if source address seen hits times.\n"
>> " May be used in conjunction with the seconds option.\n"
>> +" --reap Remove entries that have expired. Can only be used with --seconds\n"
>
> What's going to happen if you mix a "--reap --seconds 60" rule with
> "--reap --seconds 3600" rule?
>
If both rules are operating on the same '--name', then I would expect
the rule that is invoked to reap according to the '--seconds' specified
in that rule.
Mixing rules like this on the same table doesn't seem like a likely
scenario to me.
>> +/* Only allowed with --rcheck and --update */
>> +#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)
>> +
>> +#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\
>> + XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP)
>> +
>
> Since these two are only used on the kernel side, it would have made
> sense to put them into xt_recent.c only.
>
rtg
--
Tim Gardner timg@tpi.com www.tpi.com
OR 503-601-0234 x102 MT 406-443-5357
next prev parent reply other threads:[~2010-03-17 20:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-17 18:48 iptables pull request, add XT_RECENT_REAP support Tim Gardner
2010-03-17 19:34 ` Eric Dumazet
2010-03-17 19:44 ` Tim Gardner
2010-03-17 19:50 ` Eric Dumazet
2010-03-17 20:21 ` Tim Gardner
2010-03-17 20:40 ` Tim Gardner
2010-03-18 13:05 ` Patrick McHardy
2010-03-17 20:13 ` Jan Engelhardt
2010-03-17 20:26 ` Tim Gardner [this message]
2010-03-17 20:14 ` Jan Engelhardt
2010-03-17 20:29 ` Tim Gardner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BA13B0C.2030301@tpi.com \
--to=timg@tpi.com \
--cc=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).