import iptables-1.8.4-22.el8
This commit is contained in:
		
							parent
							
								
									0dcf18f1e5
								
							
						
					
					
						commit
						09dc722e64
					
				| @ -0,0 +1,47 @@ | ||||
| From 41660ba1faea8b7ebd71e94c70ef175a75ab91cc Mon Sep 17 00:00:00 2001 | ||||
| From: Phil Sutter <phil@nwl.cc> | ||||
| Date: Mon, 8 Nov 2021 17:03:21 +0100 | ||||
| Subject: [PATCH] extensions: hashlimit: Fix tests with HZ=1000 | ||||
| 
 | ||||
| In an attempt to fix for failing hashlimit tests with HZ=100, the | ||||
| expected failures were changed so they are expected to pass and the | ||||
| parameters changed to seemingly fix them. Yet while the new parameters | ||||
| worked on HZ=100 systems, with higher tick rates they didn't so the | ||||
| observed problem moved from the test failing on HZ=100 to failing on | ||||
| HZ=1000 instead. | ||||
| 
 | ||||
| Kernel's error message "try lower: 864000000/5" turned out to be a red | ||||
| herring: The burst value does not act as a dividor but a multiplier | ||||
| instead, so in order to lower the overflow-checked value, a lower burst | ||||
| value must be chosen. Inded, using a burst value of 1 makes the kernel | ||||
| accept the rule in both HZ=100 and HZ=1000 configurations. | ||||
| 
 | ||||
| Fixes: bef9dc575625a ("extensions: hashlimit: Fix tests with HZ=100") | ||||
| Signed-off-by: Phil Sutter <phil@nwl.cc> | ||||
| (cherry picked from commit 1eab8e83aec0e6965f11f8cad460add1caeae629) | ||||
| ---
 | ||||
|  extensions/libxt_hashlimit.t | 4 ++-- | ||||
|  1 file changed, 2 insertions(+), 2 deletions(-) | ||||
| 
 | ||||
| diff --git a/extensions/libxt_hashlimit.t b/extensions/libxt_hashlimit.t
 | ||||
| index 8369933786f68..206d92935f2e2 100644
 | ||||
| --- a/extensions/libxt_hashlimit.t
 | ||||
| +++ b/extensions/libxt_hashlimit.t
 | ||||
| @@ -3,12 +3,12 @@
 | ||||
|  -m hashlimit --hashlimit-above 1000000/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK | ||||
|  -m hashlimit --hashlimit-above 1/min --hashlimit-burst 5 --hashlimit-name mini1;=;OK | ||||
|  -m hashlimit --hashlimit-above 1/hour --hashlimit-burst 5 --hashlimit-name mini1;=;OK | ||||
| --m hashlimit --hashlimit-above 1/day --hashlimit-burst 500 --hashlimit-name mini1;=;OK
 | ||||
| +-m hashlimit --hashlimit-above 1/day --hashlimit-burst 1 --hashlimit-name mini1;=;OK
 | ||||
|  -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK | ||||
|  -m hashlimit --hashlimit-upto 1000000/sec --hashlimit-burst 5 --hashlimit-name mini1;=;OK | ||||
|  -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 5 --hashlimit-name mini1;=;OK | ||||
|  -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 5 --hashlimit-name mini1;=;OK | ||||
| --m hashlimit --hashlimit-upto 1/day --hashlimit-burst 500 --hashlimit-name mini1;=;OK
 | ||||
| +-m hashlimit --hashlimit-upto 1/day --hashlimit-burst 1 --hashlimit-name mini1;=;OK
 | ||||
|  -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1 --hashlimit-htable-expire 2000;=;OK | ||||
|  -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name mini1 --hashlimit-htable-expire 2000;=;OK | ||||
|  -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-mode dstip --hashlimit-name mini1 --hashlimit-htable-expire 2000;=;OK | ||||
| -- 
 | ||||
| 2.33.0 | ||||
| 
 | ||||
| @ -17,7 +17,7 @@ Name: iptables | ||||
| Summary: Tools for managing Linux kernel packet filtering capabilities | ||||
| URL: http://www.netfilter.org/projects/iptables | ||||
| Version: 1.8.4 | ||||
| Release: 21%{?dist} | ||||
| Release: 22%{?dist} | ||||
| Source: %{url}/files/%{name}-%{version}.tar.bz2 | ||||
| Source1: iptables.init | ||||
| Source2: iptables-config | ||||
| @ -95,6 +95,7 @@ Patch58: 0058-nft-cache-Retry-if-kernel-returns-EINTR.patch | ||||
| Patch59: 0059-doc-ebtables-nft.8-Adjust-for-missing-atomic-options.patch | ||||
| Patch60: 0060-ebtables-Dump-atomic-waste.patch | ||||
| Patch61: 0061-extensions-hashlimit-Fix-tests-with-HZ-100.patch | ||||
| Patch62: 0062-extensions-hashlimit-Fix-tests-with-HZ-1000.patch | ||||
| 
 | ||||
| # pf.os: ISC license | ||||
| # iptables-apply: Artistic Licence 2.0 | ||||
| @ -503,6 +504,9 @@ done | ||||
| %doc %{_mandir}/man8/ebtables*.8* | ||||
| 
 | ||||
| %changelog | ||||
| * Mon Nov 29 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-22 | ||||
| - extensions: hashlimit: Fix tests with HZ=1000 | ||||
| 
 | ||||
| * Thu Oct 07 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-21 | ||||
| - extensions: hashlimit: Fix tests with HZ=100 | ||||
| - ebtables: Dump atomic waste | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user