lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 27 Jun 2007 14:51:47 +0200
From:	Patrick McHardy <kaber@...sh.net>
To:	Vasily Averin <vvs@...ru>
CC:	netfilter-devel@...ts.netfilter.org, rusty@...tcorp.com.au,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Eric Dumazet <dada1@...mosbay.com>,
	Jan Engelhardt <jengelh@...putergmbh.de>,
	"David S. Miller" <davem@...emloft.net>, devel@...nvz.org
Subject: Re: [NETFILTER] early_drop() imrovement (v4)

Vasily Averin wrote:
> Patrick McHardy wrote:
> 
>>+	for (i = 0; i < NF_CT_EVICTION_RANGE; i++) {
>>+		hlist_for_each_entry(h, n, &nf_conntrack_hash[hash], hnode) {
>>+			tmp = nf_ct_tuplehash_to_ctrack(h);
>>+			if (!test_bit(IPS_ASSURED_BIT, &tmp->status))
>>+				ct = tmp;
>>+		}
>>+		if (ct) {
>>+			atomic_inc(&ct->ct_general.use);
>>+			break;
>>+		}
>>+		hash = (hash + 1) % nf_conntrack_htable_size;
> 
> 
> it is incorrect,
> We should count the number of checked _conntracks_, but you count the number of
> hash buckets. I.e "i" should be incremented/checked inside the nested loop.


I misunderstood your patch then. This one should be better.

View attachment "x" of type "text/plain" (2765 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ