[solved] problem with recent match
martin f krafft
madduck at madduck.net
Sat Mar 11 00:02:16 CET 2006
This issue seems known and solved. Following is a clear explanation
I received elsewhere, included here with permission for
completeness:
Sounds like you are experiencing the timer overflow bug in
ipt_recent. On 32bit machines with HZ at 1000 (the default in 2.6),
you'll hit the bug after ~25 days of uptime. This could explain why
you're only seeing this on some of your machines.
There are a couple of workarounds available [1] [2], but the
consensus from the Netfilter maintainers is that a full rewrite is
needed.
[1] http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
[2] http://www.kd.cz/~martin/kernel-recent/
Apparently, patches exist and I have been told they have been
rejected by the maintainer as ipt_recent "needs a complete rewrite".
Could someone clue me in on the outlook? Is a rewrite already in
progress? Are there plans to remove the buggy module from the stable
kernel tree?
Cheers,
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck
invalid/expired pgp (sub)keys? use subkeys.pgp.net as keyserver!
spamtraps: madduck.bogus at madduck.net
micro$oft windows psychic edition:
we will tell you where you are going tomorrow.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url : /pipermail/netfilter/attachments/20060311/fc3692c1/attachment.pgp
More information about the netfilter
mailing list