Re: [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state

2017-12-07 Thread Linus Lüssing
On Fri, Dec 08, 2017 at 06:46:06AM +0100, Linus Lüssing wrote: > Extending the usersize to include info->prev would probably be too > hackish/ugly, right? And wouldn't be enough anyway, since info->{credit,credit_cap,cost} would still be zeroed... Hm.

Re: [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state

2017-12-07 Thread Linus Lüssing
On Thu, Dec 07, 2017 at 01:26:19AM +0100, Pablo Neira Ayuso wrote: > > I also had a quick look at a 4.15-rc1 kernel in a VM now. I still > > end up in ebt_limit_mt_check() with the variables being reset > > when editing the table somewhere. > > My question is if your fix would work with 4.15-rc1.

Re: [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state

2017-12-06 Thread Pablo Neira Ayuso
Hi Linus, On Mon, Dec 04, 2017 at 05:53:35AM +0100, Linus Lüssing wrote: > Hi Pablo, > > Thanks for your reply! > > On Tue, Nov 28, 2017 at 12:30:08AM +0100, Pablo Neira Ayuso wrote: > > [...] > > > diff --git a/net/bridge/netfilter/ebt_limit.c > > > b/net/bridge/netfilter/ebt_limit.c > > > ind

Re: [Bridge] [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state

2017-12-04 Thread Pablo Neira Ayuso
On Mon, Dec 04, 2017 at 06:20:06AM +0100, Linus Lüssing wrote: > On Mon, Dec 04, 2017 at 05:53:35AM +0100, Linus Lüssing wrote: > > And so, no I do not have this patch. I looked at it now, but it > > does not seem to have any relation with .matchinfo, does it? > > Relation between .usersize and .c

Re: [Bridge] [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state

2017-12-03 Thread Linus Lüssing
On Mon, Dec 04, 2017 at 05:53:35AM +0100, Linus Lüssing wrote: > And so, no I do not have this patch. I looked at it now, but it > does not seem to have any relation with .matchinfo, does it? Relation between .usersize and .checkentry I ment, not .usersize and .matchinfo.

Re: [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state

2017-12-03 Thread Linus Lüssing
Hi Pablo, Thanks for your reply! On Tue, Nov 28, 2017 at 12:30:08AM +0100, Pablo Neira Ayuso wrote: > [...] > > diff --git a/net/bridge/netfilter/ebt_limit.c > > b/net/bridge/netfilter/ebt_limit.c > > index 61a9f1be1263..f74b48633feb 100644 > > --- a/net/bridge/netfilter/ebt_limit.c > > +++ b/ne

Re: [PATCH net-next] bridge: ebtables: Avoid resetting limit rule state

2017-11-27 Thread Pablo Neira Ayuso
Hi Linus, On Sat, Nov 25, 2017 at 08:44:18AM +0100, Linus Lüssing wrote: > So far any changes with ebtables will reset the state of limit rules, > leading to spikes in traffic. This is especially noticeable if changes > are done frequently, for instance via a daemon. > > This patch fixes this by

[PATCH net-next] bridge: ebtables: Avoid resetting limit rule state

2017-11-24 Thread Linus Lüssing
So far any changes with ebtables will reset the state of limit rules, leading to spikes in traffic. This is especially noticeable if changes are done frequently, for instance via a daemon. This patch fixes this by bailing out from (re)setting if the limit rule was initialized before. When sending