Re: Bug#332381: This problem has broader implications
- To: debian-kernel@lists.debian.org
- Subject: Re: Bug#332381: This problem has broader implications
- From: Horms <horms@verge.net.au>
- Date: Wed, 30 Nov 2005 08:05:46 +0000 (UTC)
- Message-id: <dmjmgp$nvv$1@sea.gmane.org>
- References: <438A0206.30001__16961.6409847096$1133118300$gmane$org@debian.org>
Micah Anderson <micah@debian.org> wrote:
> Although the original report says, "After 250 days, the jiffies overflow
> and ipt_recent do not work anymore" and is for 2.4, I've actually found
> that the code included in 2.6.8 (and probably any kernel version that
> includes ipt_recent) causes unexpected issues related to the jiffies as
> well, other than the 250 days issue.
>
> If you have rules that block based on ipt_recent you will find that they
> will block much too early at odd times. For example, I have a rule that
> will DROP ssh connections if there have been more than 6 seen in the
> last 60 seconds, but (seemingly) randomly I will get DROPped on the
> first connection.
Let's be quite clear, the ip_recent code is in dire need of a rewrite.
--
Horms