On Tuesday 2009-01-13 08:28, Jan Engelhardt wrote:
>On Tuesday 2009-01-13 05:43, Patrick McHardy wrote:
>>>>> [...]
>>>
>>> How could that happen? I'm not accepting between the statistic
>>> match rules (which would definitely cause the rules to get out of
>>> sync).
>>
>> Are you running on an SMP system? If so, try printing out the value
>> of info->master and verify that it always points to the same memory
>> (for each single match instance, so you should see exactly three
>> different values).
>
>Since info->master is always on CPU0, it's easy:
>
>    taskset -c 0 iptables -nvL
>

Blip.. Ideally, for tracking, you can use the -m quota match
(or alternatively, -m quota2 with Xtables-addons, which supports
counting upwards) as an alternate counter to the per-counter rules.
IOW

    iptables ... -m statistic ... -m quota --quota 20000000
or
    iptables ... -m statistic ... -m quota2 --grow

(should ideally be done with iptables-restore so that all
rules take effect at the same time)
then, `taskset -c0 iptables -nvL` should return the same quota
values for all rules.