On Saturday, 27 February 2010 at 20:38 -0700, Tim Gardner wrote:
> From 03b1a0171cd3b7eb680ec738ddcc21c59688f6fe Mon Sep 17 00:00:00 2001
> From: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>
> Date: Sat, 27 Feb 2010 20:22:07 -0700
> Subject: [PATCH] netfilter: xt_recent: Add an entry reaper
>
> One of the problems with the way xt_recent is implemented is that
> there is no efficient way to remove expired entries. Of course,
> one can write a rule '-m recent --remove', but you have to know
> beforehand which entry to delete. This commit adds reaper
> logic which checks one entry on the LRU list each time a rule
> is invoked that has a '--seconds' value. If an entry ceases
> to accumulate time stamps, then eventually the reaper will
> encounter it in the LRU list and remove it.
>

Might I ask why you want to remove expired entries like this, using
CPU cycles in the fast path?

I don't understand why you need this reaper pointer given we already have
lru_list to give us the oldest entry.

1) They are normally removed in recent_entry_init(), when a new entry is
about to be added.

2) All entries are flushed when
echo clear > /proc/net/xt_recent/<tablename>

3) You could eventually implement a purge operation to remove all
expired entries at will
echo purge > /proc/net/xt_recent/<tablename>
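
The two cleanup strategies discussed in this message, as an added user-space example that is not part of the e-mail, the patch, or the kernel source: reaping one LRU entry per rule invocation versus purging every expired entry on demand. All names are hypothetical, and the expiry test (last time stamp older than the '--seconds' value) is an assumption made for the model.

```c
#include <stddef.h>

/* User-space model, not kernel code: an array ordered oldest first stands in
 * for xt_recent's lru_list. All names here are hypothetical. */
#define MAX_ENTRIES 8

struct entry { unsigned addr; unsigned long last_seen; };

struct table {
    struct entry lru[MAX_ENTRIES];   /* lru[0] is the least recently used */
    size_t n;
};

static void remove_at(struct table *t, size_t i)
{
    for (; i + 1 < t->n; i++)
        t->lru[i] = t->lru[i + 1];
    t->n--;
}

/* Reaper step as the commit message describes it: examine ONE entry (the LRU
 * head) per rule invocation; drop it if older than `seconds` (assumed test). */
int reap_one(struct table *t, unsigned long now, unsigned long seconds)
{
    if (t->n && now - t->lru[0].last_seen > seconds) {
        remove_at(t, 0);
        return 1;
    }
    return 0;
}

/* "purge" as suggested in the reply: drop every expired entry in one pass,
 * outside the per-packet path. Returns the number of entries removed. */
int purge_expired(struct table *t, unsigned long now, unsigned long seconds)
{
    int removed = 0;
    size_t i = 0;
    while (i < t->n) {
        if (now - t->lru[i].last_seen > seconds) { remove_at(t, i); removed++; }
        else i++;
    }
    return removed;
}

/* Constructed sample: three stale entries (t=10,20,30) and one fresh (t=95). */
struct table sample_table(void)
{
    struct table t = { { {1, 10}, {2, 20}, {3, 30}, {4, 95} }, 4 };
    return t;
}
```

With now=100 and seconds=60, the reaper needs three rule invocations to clear the stale entries, while a single purge removes all three at once.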