Skip to content
Snippets Groups Projects
Select Git revision
  • f01037384d2cbbec975635c1526c45b5126664b5
  • experimental default protected
  • v2023.2.5-ffs
  • nrb/ex400-remove-wps
  • nrb/airmax-test
  • v2023.2.4-ffs
  • nrb/ar9344-reset-sequence
  • autinerd/experimental-openwrt-24.10
  • v2023.2.3-ffs
  • v2023.2.2-ffs
  • v2023.2-ffs
  • v2023.1-ffs
  • v2022.1.4-ffs
  • feature/addMikrotikwAP
  • v2022.1.3-ffs
  • v2021.1.2-ffs
  • v2022.1.1-ffs
  • master protected
  • v2021.1.1-ffs
  • nrb/gluon-master-cpe510
  • v2021.1-ffs
  • experimental-2025-06-22
  • experimental-2025-06-22-base
  • v2023.2.5-ffs0.1
  • experimental-2025-06-08
  • experimental-2025-06-08-base
  • experimental-2025-06-06
  • experimental-2025-06-06-base
  • experimental-2025-05-27
  • experimental-2025-05-27-base
  • experimental-2025-05-18
  • experimental-2025-05-18-base
  • experimental-2025-05-15
  • experimental-2025-05-15-base
  • experimental-2025-05-13
  • experimental-2025-05-13-base
  • experimental-2025-05-08
  • experimental-2025-05-08-base
  • experimental-2025-05-05
  • experimental-2025-05-05-base
  • experimental-2025-05-02
41 results

0066-kernel-bridge-ebtables-Avoid-resetting-limit-rule-state.patch

Blame
    • 0066-kernel-bridge-ebtables-Avoid-resetting-limit-rule-state.patch 2.29 KiB 
    From: Linus Lüssing <linus.luessing@c0d3.blue>
Date: Sun, 26 Nov 2017 05:19:21 +0100
Subject: kernel: bridge: ebtables: Avoid resetting limit rule state

Link: https://patchwork.ozlabs.org/patch/841210/
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

diff --git a/target/linux/generic/patches-4.4/121-bridge-ebtables-Avoid-resetting-limit-rule-state.patch b/target/linux/generic/patches-4.4/121-bridge-ebtables-Avoid-resetting-limit-rule-state.patch
new file mode 100644
index 0000000000000000000000000000000000000000..417fdd75e543ebb6a3fdd56cb97fc83324eeb104
--- /dev/null
+++ b/target/linux/generic/patches-4.4/121-bridge-ebtables-Avoid-resetting-limit-rule-state.patch
@@ -0,0 +1,50 @@
+From 535097827e437bfa1906ed3210e6504750f4342b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@c0d3.blue>
+Date: Sat, 25 Nov 2017 00:36:13 +0100
+Subject: [PATCH] bridge: ebtables: Avoid resetting limit rule state
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+So far any changes with ebtables will reset the state of limit rules,
+leading to spikes in traffic. This is especially noticeable if changes
+are done frequently, for instance via a daemon.
+
+This patch fixes this by bailing out from (re)setting if the limit
+rule was initialized before.
+
+When sending packets every 250ms for 600s, with a
+"--limit 1/sec --limit-burst 50" rule and a command like this
+in the background:
+
+$ ebtables -N VOIDCHAIN
+$ while true; do ebtables -F VOIDCHAIN; sleep 30; done
+
+The results are:
+
+Before: ~1600 packets
+After: 650 packets
+
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+---
+ net/bridge/netfilter/ebt_limit.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
+index 61a9f1be1263..f74b48633feb 100644
+--- a/net/bridge/netfilter/ebt_limit.c
++++ b/net/bridge/netfilter/ebt_limit.c
+@@ -69,6 +69,10 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
+ {
+ 	struct ebt_limit_info *info = par->matchinfo;
+ 
++	/* Do not reset state on unrelated table changes */
++	if (info->prev)
++		return 0;
++
+ 	/* Check for overflow. */
+ 	if (info->burst == 0 ||
+ 	    user2credits(info->avg * info->burst) < user2credits(info->avg)) {
+-- 
+2.11.0
+

    Impressum - Datenschutz