Eric Dumazet wrote:
Damned this broke xt_hashlimit, version=0 ... So, it appears some modules are using pointers to themselves, what a hack :(
Indeed. This is unfortunately necessary in some cases to make sure that modules using global state actually use global state instead of the per-CPU copies.
We probably need an audit of other modules. (net/netfilter/xt_statistic.c, net/netfilter/xt_quota.c, net/netfilter/xt_limit.c ...)
This seems fine in case of hashlimit since the match data is read-only. In case of statistic and quota I think we still need it.
Unfortunately I won't have time to do this in following days, any volunteer?
Thank you
[PATCH] netfilter: xt_hashlimit fix
Commit 784544739a25c30637397ace5489eeb6e15d7d49 (netfilter: iptables: lock free counters) broke xt_hashlimit netfilter module:
This module was storing a pointer inside its xt_hashlimit_info, and this pointer is not relocated when we temporarily switch tables (iptables -L).
This hack is not needed at all (probably a leftover from ancient time), as each cpu should and can access its own copy.
Applied, thanks.
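A userspace model of the hazard discussed in this thread, added here as an illustration and not code from the kernel or from the patch: a structure that stores a pointer to itself is copied byte for byte, so the copy's pointer still refers to the original table. `struct match_info`, `struct table` and all function names are hypothetical; the commit message says the pointer is not needed at all, so the relocation step is shown only as a contrast that makes the stale state visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins, not the kernel's structures. */
struct match_info {
    unsigned int avg;           /* rule parameter (constructed value) */
    struct match_info *master;  /* pointer to itself, set at check time */
};
struct table { size_t n; struct match_info entries[4]; };

/* Check-time setup: every entry records its own address. */
void table_init(struct table *t, size_t n)
{
    t->n = n;
    for (size_t i = 0; i < n; i++)
        t->entries[i] = (struct match_info){ 10 * (unsigned int)(i + 1), &t->entries[i] };
}

/* Audit: count entries whose embedded pointer lands outside this table. */
size_t table_foreign_pointers(const struct table *t)
{
    uintptr_t lo = (uintptr_t)t, hi = lo + sizeof(*t);
    size_t bad = 0;
    for (size_t i = 0; i < t->n; i++) {
        uintptr_t p = (uintptr_t)t->entries[i].master;
        bad += (p < lo || p >= hi);
    }
    return bad;
}

/* Relocate each pointer by its byte offset inside the source table. */
void table_relocate(struct table *dst, const struct table *src)
{
    for (size_t i = 0; i < dst->n; i++) {
        ptrdiff_t off = (const char *)src->entries[i].master - (const char *)src;
        dst->entries[i].master = (struct match_info *)((char *)dst + off);
    }
}

int main(void)
{
    struct table a, b;
    table_init(&a, 3);
    memcpy(&b, &a, sizeof(b));  /* byte-wise copy, as in a table switch */
    printf("stale after copy: %zu\n", table_foreign_pointers(&b));
    table_relocate(&b, &a);
    printf("stale after relocation: %zu\n", table_foreign_pointers(&b));
}
```

Once the original table is freed, every pointer the audit counts as foreign would be dangling, which is why embedded pointers in copied rule data need either relocation or removal.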