ldx / python-iptables

Python bindings for iptables

Don't set xtables_{matches,targets} to NULL. #299

Closed chruss2 closed 4 years ago

chruss2 commented 4 years ago

Protocol-independent extensions will be looked up once for each protocol and added to the protocol-specific cache.

Fixes #282.

coveralls commented 4 years ago

Coverage decreased (-0.05%) to 58.507% when pulling 282c790738a111b1ddc27b43ecb0acfab8b09024 on chruss2:master into 7fe9a9982bb9ddb0fa09cb12a0bc9f3d1001b382 on ldx:master.

ldx commented 4 years ago

Interesting, do you have some example code that can reproduce the original issue in #282?

chruss2 commented 4 years ago

Sure. It requires a fairly recent libxtables, so alpine 3.10 is an easy way to reproduce it. Here is a docker one-liner.

docker run --privileged alpine:3.10 sh -c 'apk add python3-dev alpine-sdk iptables ip6tables; pip3 install python-iptables; XTABLES_LIBDIR=/usr/lib/xtables python3 -c "import sys; import iptc; match = iptc.Match(iptc.Rule(), \"addrtype\"); match6 = iptc.Match(iptc.Rule6(), \"addrtype\")"'

ldx commented 4 years ago

Looks good, thanks! :+1:

a-martynovich commented 4 years ago

This patch leads to a freeze with 100% CPU usage with iptables older than 1.8.0. Try it on Ubuntu 18.04 for instance. This patch needs to be applied only if iptables is 1.8.0 or newer.

ldx commented 4 years ago

I have 1.6.0 and am not seeing this problem. Any chance you can provide some example code that reproduces the issue?