Below is the patch with the *rest* of the free_page(X) calls changed
to free_pages(X, 2). xt_ACCOUNT should always allocate memory in page
pairs. And always *free* memory in page pairs.
References: http://www.spinics.net/lists/netfilter-devel/msg39025.html
Below is the patch with the *rest* of the free_page(X) calls changed
to free_pages(X, 2). xt_ACCOUNT should always allocate memory in page
pairs. And always *free* memory in page pairs.
References: http://www.spinics.net/lists/netfilter-devel/msg39025.html
As well as writing absolute numeric values to the quota file, you
can now also write numbers preceded by a + sign or a - sign, e.g.
* "+30" would increase the quota by 30
* "+-20" would increase the quota by negative 20,
which is the same as decrease by 20
* "-5" would decrease the quota by 5
xt_DNETMAP.c: In function "dnetmap_prefix_destroy":
xt_DNETMAP.c:185:2: error: implicit declaration of function
"remove_proc_entry" [-Werror=implicit-function-declaration]
remove_proc_entry(p->proc_str_data, dnetmap_net->xt_dnetmap);
The Smoothwall Express traffic stats collector (traffiClogger) does
not handle counter rollovers well and does not perform read&flush.
(Yes, the code is somewhat aged.) To change it to perform read&flush
is non-trivial. Then, it occurred to me that it might be easier to
change ipt_ACCOUNT in xtables-addons to use 64-bit counters,
considering it was designed around single kernel pages.
The following submission counts to at least 100 GB, produces no
obvious kernel gripes, and adjacent counters do not seem to interfere
with each other. Yes, it uses more memory, but RAM costs much less
than bugs that grown out of complex software.
The theory:
- Use two kernel pages for the counters for each group of 256
addresses.
- Change counters to 64-bit.
- Change to __get_free_pages/free_pages, using order=2
(two consecutive pages), and zero both pages.
- Change "%u" to "%llu" as needed.
- Everything else pretty much stays the same.
I also changed tmpbuf to two pages (Justin Case's idea), but I
do not know if that's really necessary.
When the PK_CRYPTO pre-processor flag got removed in
v1.47.1-2-g66f213e, one of the removal cases was misapplied; the body
of an "#ifndef PK_CRYPTO" was left in rather than the whole section
being removed.
Although not officially supported, we have found that the
xtables-addons modules we are interested in work fine on 3.0.4 with a
slight non-invasive mod to compat_xtables.h.
net_random has been removed in commit v3.14-rc1~94^2~191 and replaced
by its definition, prandom_u32.
prandom_u32 was only introduced in v3.8-rc1~74^2~22, so we will have
an extra ifdef for 3.7 support.
1. XT_QUOTA_NO_CHANGE should not alter quota to zero ever
2. XT_QUOTA_PACKET should not be set to zero based on skb->len
Signed-off-by: Sam Liddicott <sam@liddicott.com>
xt_DNETMAP.c: In function "dnetmap_tg_check":
xt_DNETMAP.c:331:16: error: incompatible types when assigning to
type "kuid_t" from type "unsigned int"
xt_DNETMAP.c:332:16: error: incompatible types when assigning to
type "kgid_t" from type "unsigned int"
xt_DNETMAP.c:344:16: error: incompatible types when assigning to
type "kuid_t" from type "unsigned int"
xt_DNETMAP.c:345:16: error: incompatible types when assigning to
type "kgid_t" from type "unsigned int"
xt_condition.c: In function "condition_mt_check":
xt_condition.c:158:24: error: incompatible types when assigning to
type "kuid_t" from type "unsigned int"
xt_condition.c:159:24: error: incompatible types when assigning to
type "kgid_t" from type "unsigned int"
xt_quota2.c: In function "q2_get_counter":
xt_quota2.c:134:18: error: incompatible types when assigning to type
"kuid_t" from type "unsigned int"
xt_quota2.c:135:18: error: incompatible types when assigning to type
"kgid_t" from type "unsigned int"
