* increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel
From: Toralf Förster @ 2021-02-22 20:30 UTC (permalink / raw)
  To: netfilter-devel

I'm curious if there's a better solution than local patching like:

diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 0446307516cd..e482d4a3fadf 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -40,7 +40,7 @@ MODULE_LICENSE("GPL");
  MODULE_ALIAS("ipt_recent");
  MODULE_ALIAS("ip6t_recent");

-static unsigned int ip_list_tot __read_mostly = 100;
+static unsigned int ip_list_tot __read_mostly = 10000;
  static unsigned int ip_list_hash_size __read_mostly;
  static unsigned int ip_list_perms __read_mostly = 0644;
  static unsigned int ip_list_uid __read_mostly;
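
Review bot: The + line hard-codes a hundredfold larger default (ip_list_tot from 100 to 10000) with no comment or rationale for that value, and it changes the limit for every user of this build rather than only the setup that needs it. I would leave the compiled-in default alone and supply the larger value as configuration at boot or load time, so nothing has to be re-applied on each kernel update. If the default really must move, say why 10000, and check whether ip_list_hash_size on the following context line (left unset here) should be sized to match. The context lines also carry two leading spaces, which suggests the mail client mangled whitespace and the patch may not apply as posted.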

here under a hardened Gentoo Linux using iptables ?

--
Toralf


* Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel
From: Jozsef Kadlecsik @ 2021-02-22 21:44 UTC (permalink / raw)
  To: Toralf Förster; +Cc: netfilter-devel


On Mon, 22 Feb 2021, Toralf Förster wrote:

> I'm curious if there's a better solution than local patching like:

See "modinfo xt_recent": you can tune it via a module parameter.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary


* Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel
From: Toralf Förster @ 2021-02-23  8:18 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: netfilter-devel

On 2/22/21 10:44 PM, Jozsef Kadlecsik wrote:
> On Mon, 22 Feb 2021, Toralf Förster wrote:
>
>> I'm curious if there's a better solution than local patching like:
>
> See "modinfo xt_recent": you can tune it via a module parameter.
>
> Best regards,
> Jozsef

It is a non-modular kernel.

--
Toralf


* Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel
From: Jozsef Kadlecsik @ 2021-02-23  8:34 UTC (permalink / raw)
  To: Toralf Förster; +Cc: netfilter-devel


On Tue, 23 Feb 2021, Toralf Förster wrote:

> > > I'm curious if there's a better solution than local patching like:
> > 
> > See "modinfo xt_recent": you can tune it via a module parameter.
> 
> It is a non-modular kernel.

Then you can specify it as a kernel boot parameter: 
xt_recent.ip_list_tot=N

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary
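
The boot-parameter route suggested in the message above, as an added example that is not part of the original thread: a check that the value requested on the kernel command line is the one the running kernel reports. The function names are hypothetical, and the script assumes the parameter is exposed at /sys/module/xt_recent/parameters/ip_list_tot and that the caller may read it (root may be required).

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the value given for xt_recent.ip_list_tot in a kernel command line
# string ($1); prints an empty line if it is absent. The kernel treats '-' and
# '_' in parameter names alike, and a later occurrence overrides an earlier one.
cmdline_ip_list_tot() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | awk -F= '
        { name = $1; gsub(/-/, "_", name) }
        name == "xt_recent.ip_list_tot" && NF >= 2 {
            value = substr($0, length($1) + 2)
        }
        END { print value }'
}

# Compare the requested value with what the kernel reports.
#   $1 = command line text, $2 = parameter file to read
# Returns 0 on match, 1 on mismatch, 2 if not requested, 3 if the request is
# not plain decimal, 4 if the parameter file is unreadable.
check_ip_list_tot() {
    want=$(cmdline_ip_list_tot "$1")
    if [ -z "$want" ]; then
        echo "xt_recent.ip_list_tot not on command line"; return 2
    fi
    # Only plain decimal without leading zeros compares safely as a string
    # against the decimal value the kernel prints back.
    case "$want" in
        *[!0-9]*|0?*) echo "not plain decimal: $want"; return 3 ;;
    esac
    if [ ! -r "$2" ]; then
        echo "cannot read $2 (root may be required)"; return 4
    fi
    have=$(cat "$2")
    if [ "$have" = "$want" ]; then
        echo "ok: ip_list_tot=$have"; return 0
    fi
    echo "mismatch: requested $want, kernel reports $have"; return 1
}

# On a live system:
#   check_ip_list_tot "$(cat /proc/cmdline)" \
#       /sys/module/xt_recent/parameters/ip_list_tot
```

A mismatch after a reboot usually means the bootloader configuration was edited but not regenerated, or the parameter name was mistyped and silently ignored.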


* Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel
From: Toralf Förster @ 2021-02-23 13:47 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: netfilter-devel

On 2/23/21 9:34 AM, Jozsef Kadlecsik wrote:
> On Tue, 23 Feb 2021, Toralf Förster wrote:
>
>>>> I'm curious if there's a better solution than local patching like:
>>> See "modinfo xt_recent": you can tune it via a module parameter.
>> It is a non-modular kernel.
> Then you can specify it as a kernel boot parameter:
> xt_recent.ip_list_tot=N
>
> Best regards,
> Jozsef
Ah - good advice, thx !

--
Toralf

