import iptables-1.8.4-22.el8
This commit is contained in:
parent
0dcf18f1e5
commit
09dc722e64
|
@ -0,0 +1,47 @@
|
|||
From 41660ba1faea8b7ebd71e94c70ef175a75ab91cc Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Mon, 8 Nov 2021 17:03:21 +0100
|
||||
Subject: [PATCH] extensions: hashlimit: Fix tests with HZ=1000
|
||||
|
||||
In an attempt to fix for failing hashlimit tests with HZ=100, the
|
||||
expected failures were changed so they are expected to pass and the
|
||||
parameters changed to seemingly fix them. Yet while the new parameters
|
||||
worked on HZ=100 systems, with higher tick rates they didn't so the
|
||||
observed problem moved from the test failing on HZ=100 to failing on
|
||||
HZ=1000 instead.
|
||||
|
||||
Kernel's error message "try lower: 864000000/5" turned out to be a red
|
||||
herring: The burst value does not act as a dividor but a multiplier
|
||||
instead, so in order to lower the overflow-checked value, a lower burst
|
||||
value must be chosen. Inded, using a burst value of 1 makes the kernel
|
||||
accept the rule in both HZ=100 and HZ=1000 configurations.
|
||||
|
||||
Fixes: bef9dc575625a ("extensions: hashlimit: Fix tests with HZ=100")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 1eab8e83aec0e6965f11f8cad460add1caeae629)
|
||||
---
|
||||
extensions/libxt_hashlimit.t | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/extensions/libxt_hashlimit.t b/extensions/libxt_hashlimit.t
|
||||
index 8369933786f68..206d92935f2e2 100644
|
||||
--- a/extensions/libxt_hashlimit.t
|
||||
+++ b/extensions/libxt_hashlimit.t
|
||||
@@ -3,12 +3,12 @@
|
||||
-m hashlimit --hashlimit-above 1000000/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK
|
||||
-m hashlimit --hashlimit-above 1/min --hashlimit-burst 5 --hashlimit-name mini1;=;OK
|
||||
-m hashlimit --hashlimit-above 1/hour --hashlimit-burst 5 --hashlimit-name mini1;=;OK
|
||||
--m hashlimit --hashlimit-above 1/day --hashlimit-burst 500 --hashlimit-name mini1;=;OK
|
||||
+-m hashlimit --hashlimit-above 1/day --hashlimit-burst 1 --hashlimit-name mini1;=;OK
|
||||
-m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK
|
||||
-m hashlimit --hashlimit-upto 1000000/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK
|
||||
-m hashlimit --hashlimit-upto 1/min --hashlimit-burst 5 --hashlimit-name mini1;=;OK
|
||||
-m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 5 --hashlimit-name mini1;=;OK
|
||||
--m hashlimit --hashlimit-upto 1/day --hashlimit-burst 500 --hashlimit-name mini1;=;OK
|
||||
+-m hashlimit --hashlimit-upto 1/day --hashlimit-burst 1 --hashlimit-name mini1;=;OK
|
||||
-m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1 --hashlimit-htable-expire 2000;=;OK
|
||||
-m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name mini1 --hashlimit-htable-expire 2000;=;OK
|
||||
-m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-mode dstip --hashlimit-name mini1 --hashlimit-htable-expire 2000;=;OK
|
||||
--
|
||||
2.33.0
|
||||
|
|
@ -17,7 +17,7 @@ Name: iptables
|
|||
Summary: Tools for managing Linux kernel packet filtering capabilities
|
||||
URL: http://www.netfilter.org/projects/iptables
|
||||
Version: 1.8.4
|
||||
Release: 21%{?dist}
|
||||
Release: 22%{?dist}
|
||||
Source: %{url}/files/%{name}-%{version}.tar.bz2
|
||||
Source1: iptables.init
|
||||
Source2: iptables-config
|
||||
|
@ -95,6 +95,7 @@ Patch58: 0058-nft-cache-Retry-if-kernel-returns-EINTR.patch
|
|||
Patch59: 0059-doc-ebtables-nft.8-Adjust-for-missing-atomic-options.patch
|
||||
Patch60: 0060-ebtables-Dump-atomic-waste.patch
|
||||
Patch61: 0061-extensions-hashlimit-Fix-tests-with-HZ-100.patch
|
||||
Patch62: 0062-extensions-hashlimit-Fix-tests-with-HZ-1000.patch
|
||||
|
||||
# pf.os: ISC license
|
||||
# iptables-apply: Artistic Licence 2.0
|
||||
|
@ -503,6 +504,9 @@ done
|
|||
%doc %{_mandir}/man8/ebtables*.8*
|
||||
|
||||
%changelog
|
||||
* Mon Nov 29 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-22
|
||||
- extensions: hashlimit: Fix tests with HZ=1000
|
||||
|
||||
* Thu Oct 07 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-21
|
||||
- extensions: hashlimit: Fix tests with HZ=100
|
||||
- ebtables: Dump atomic waste
|
||||
|
|
Loading…
Reference in New Issue