http://bugs.winehq.org/show_bug.cgi?id=12302
--- Comment #50 from Daniel Santos daniel.santos@pobox.com 2008-07-08 08:21:49 ---
ok, ixnay on that last patch, there are now thousands of non-identical packets getting through. I may be passing the number of bytes back incorrectly, causing it to try again in a different way. Will have to investigate further.
(In reply to comment #48)
> This could work. I guess it would be easiest to write this as a netfilter match module. For example:
> iptables -A FORWARD -s 1.2.3.4 -p udp -m multiport --dports x,y,z -m length --length 1:100 -m filterdupes -j DROP
Ok, so I'm reading up a little bit on doing this. I like this solution WAY better because it keeps the wine layer squeaky clean, even though it will result in significantly greater CPU usage (that doesn't mean the CPU usage itself will be significant, though). If it turns out that the spamming also causes CPU problems, then we can look more seriously at the wine-layer hack.
So if I'm understanding this correctly, we would just write a filterdupes netfilter module, preferably one that accepts some parameters, and add a rule that looks something like this:
iptables -A FORWARD -p udp -m multiport --dports 9002,9008 -m length --length 1:100 -m filterdupes --cache-duration 85 --dupes-allowed 2 -j DROP
Is the source address really needed? I would pin down the destination addresses, but that changes for each server and possibly even for the same "server", since they may have (one would hope) a cluster of actual machines. Also restricting to UDP and ports 9002 & 9008 should keep it from interfering with other apps.
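To make the proposed rule concrete, here is an added userspace model of the matching logic a filterdupes module would need (illustration written for this page, not code from the bug, from Wine, or from any real netfilter module): the proto/port/length checks stand in for the -p udp, -m multiport and -m length matches, and --cache-duration / --dupes-allowed are modelled as described in the thread. The Packet record, the payloads and the timestamps are constructed; a real kernel module would use the skb and jhash rather than sha256.

```python
"""Userspace model of the proposed 'filterdupes' match (constructed example)."""
import hashlib
from collections import deque, namedtuple

# Constructed packet record holding only the fields the rule inspects.
Packet = namedtuple("Packet", "proto dport ip_len payload")

RULE_PORTS = {9002, 9008}              # -m multiport --dports 9002,9008
RULE_MIN_LEN, RULE_MAX_LEN = 1, 100    # -m length --length 1:100 (IP total length)


class DupeFilter:
    """Matches (drops) once more than dupes_allowed identical copies of a
    payload have been seen on the same port within cache_duration seconds."""

    def __init__(self, cache_duration, dupes_allowed):
        self.cache_duration = cache_duration   # --cache-duration (seconds)
        self.dupes_allowed = dupes_allowed     # --dupes-allowed
        self.seen = {}   # digest of (dport, payload) -> arrival times, oldest first

    def matches(self, pkt, now):
        key = hashlib.sha256(pkt.dport.to_bytes(2, "big") + pkt.payload).digest()
        times = self.seen.setdefault(key, deque())
        while times and now - times[0] > self.cache_duration:  # expire old copies
            times.popleft()
        earlier_copies = len(times)   # the first packet is not a duplicate
        times.append(now)
        return earlier_copies > self.dupes_allowed


def rule_drops(pkt, filt, now):
    """Whole rule: -p udp -m multiport -m length -m filterdupes -j DROP."""
    if pkt.proto != "udp" or pkt.dport not in RULE_PORTS:
        return False
    if not RULE_MIN_LEN <= pkt.ip_len <= RULE_MAX_LEN:
        return False
    return filt.matches(pkt, now)


def run_demo():
    """Feed a constructed spam burst through the rule; return the verdicts."""
    filt = DupeFilter(cache_duration=85, dupes_allowed=2)
    spam = Packet("udp", 9002, 40, b"HELLO-SERVER")          # 20 IP + 8 UDP + 12
    other = Packet("udp", 9008, 40, b"HELLO-SERVER")         # same payload, other port
    big = Packet("udp", 9002, 400, b"x" * 372)               # too long for -m length
    stream = [(0.0, spam), (0.5, spam), (1.0, spam), (1.5, spam),   # 4 copies
              (2.0, other), (2.5, big), (90.0, spam)]               # cache expired
    return [rule_drops(p, filt, t) for t, p in stream]
```

Only the fourth copy within the 85-second window is dropped; the same payload on the other port, the oversized packet and the copy arriving after the cache expired all pass.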