Duplicates in recent module

Hi,

I'm getting duplicate entries in a "recent" table. E.g.:

# cat banned | grep 193.23.112.133
src=193.23.112.133 ttl: 58 last_seen: 436851854 oldest_pkt: 1 last_pkts: 436851854
src=193.23.112.133 ttl: 58 last_seen: 435101910 oldest_pkt: 1 last_pkts: 435101910
src=193.23.112.133 ttl: 58 last_seen: 435600728 oldest_pkt: 1 last_pkts: 435600728

I took a quick look at the source(*) and, as far as I understand, even
if I "--set" the same IP multiple times it would/should still only
create one entry.

These are the rules I use:
-A in $ETH0_TCP_SYN -m recent --rcheck --seconds 60 --name banned --rsource -j DROP
-A in $ETH0_TCP_SYN -m recent --remove --name banned --rsource
-A in $ETH0_TCP_SYN -m hashlimit --hashlimit 5/sec --hashlimit-name accept --hashlimit-htable-max 4096 -j ACCEPT
-A in $ETH0_TCP_SYN -m hashlimit --hashlimit 5/sec --hashlimit-name drop --hashlimit-htable-max 4096 -j DROP
-A in $ETH0_TCP_SYN -m recent --set --name banned --rsource -j DROP

Although this tries to avoid adding the same IP to the list multiple
times, I think it is unavoidable that multiple packets could have passed
the initial 'rcheck' and be heading towards the final 'set' rule at the
same time. (It's a quad core CPU.)

Is there something I can, or should, do to prevent these dups?

(*) I must admit that the running kernel is 2.6.17.7 and I looked at
the source of linux-2.6.22-rc5.

Regards,
Mark.
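The grep in the post shows the duplicates for one address only. The script below is an added example (it is not from the original post and not part of the netfilter project) that scans a whole dump of a "recent" table in the format shown above and lists every source that appears more than once, with its entry count and how far apart its last_seen values are. The table lines embedded in the script are constructed sample data; the path /proc/net/ipt_recent/<name> is an assumption about where the table is read from on this kernel.

```shell
#!/bin/sh
# Added example, not from the original post: find duplicated sources in a
# dump of an ipt_recent table (format: "src=A.B.C.D ttl: N last_seen: J ...").
#
# Usage: recent_dups < /proc/net/ipt_recent/banned   (path is an assumption)
#        recent_dups /path/to/saved/dump

recent_dups() {
    # Reads the file(s) given as arguments, or stdin when none are given.
    awk '
        /^src=/ {
            src = substr($1, 5)                      # strip the "src=" prefix
            ls = 0
            for (i = 2; i <= NF; i++)                # locate the last_seen field
                if ($i == "last_seen:") ls = $(i + 1) + 0
            n[src]++
            if (!(src in lo) || ls < lo[src]) lo[src] = ls
            if (!(src in hi) || ls > hi[src]) hi[src] = ls
        }
        END {
            # Report only sources with more than one entry, plus the spread
            # between their oldest and newest last_seen values (in jiffies).
            for (s in n)
                if (n[s] > 1)
                    printf "%s entries=%d last_seen_spread=%d\n", s, n[s], hi[s] - lo[s]
        }
    ' "$@" | sort
}

# Constructed sample in the post's format: two duplicated sources, two clean ones.
SAMPLE_TABLE='src=193.23.112.133 ttl: 58 last_seen: 436851854 oldest_pkt: 1 last_pkts: 436851854
src=193.23.112.133 ttl: 58 last_seen: 435101910 oldest_pkt: 1 last_pkts: 435101910
src=10.0.0.7 ttl: 64 last_seen: 435200000 oldest_pkt: 1 last_pkts: 435200000
src=193.23.112.133 ttl: 58 last_seen: 435600728 oldest_pkt: 1 last_pkts: 435600728
src=10.0.0.9 ttl: 64 last_seen: 435300000 oldest_pkt: 1 last_pkts: 435300000
src=10.0.0.9 ttl: 64 last_seen: 435300010 oldest_pkt: 1 last_pkts: 435300010'

# With an argument, scan that file; otherwise run over the constructed sample.
if [ -n "${1:-}" ]; then
    recent_dups "$1"
else
    printf '%s\n' "$SAMPLE_TABLE" | recent_dups
fi
```

The last_seen_spread column is the check worth looking at before blaming a race between the 'rcheck' and 'set' rules: entries created by packets that raced through the chain together would have last_seen values only a few jiffies apart, whereas a large spread means the entries were created at clearly different times.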
