Message ID | 4B7E08D8.4000001@canonical.com |
---|---|
State | Accepted |
Delegated to: | Andy Whitcroft |
On 10 Feb 18, Tim Gardner wrote: > If verified, then I'll send it upstream. Its also worthy of a pre-stable > patch. > > rtg > -- > Tim Gardner tim.gardner@canonical.com > From 146111514a8c126268e848e45b7dd967329b072f Mon Sep 17 00:00:00 2001 > From: Tim Gardner <tim.gardner@canonical.com> > Date: Thu, 18 Feb 2010 20:33:00 -0700 > Subject: [PATCH] xt_recent: Fix false match. > > A rule with a zero hit_count will always match. > > Signed-off-by: Tim Gardner <tim.gardner@canonical.com> > Cc: stable@kernel.org > --- > net/netfilter/xt_recent.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c > index 1bb0d6c..43e83a4 100644 > --- a/net/netfilter/xt_recent.c > +++ b/net/netfilter/xt_recent.c > @@ -260,7 +260,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par) > for (i = 0; i < e->nstamps; i++) { > if (info->seconds && time_after(time, e->stamps[i])) > continue; > - if (++hits >= info->hit_count) { > + if (info->hit_count && ++hits >= info->hit_count) { > ret = !ret; > break; > } > -- > 1.6.2.4 > Looks correct. Acked-by: Amit Kucheria <amit.kucheria@canonical.com>
Tim Gardner wrote:
> If verified, then I'll send it upstream. It's also worthy of a pre-stable
> patch.
>
> rtg
>

It looks sensible. Though this is a case for me where context matters: What would be the semantics of a missing hit count? Catch all or just not of interest here? In the second case the patch is correct.

Stefan

On Thu, 2010-02-18 at 20:43 -0700, Tim Gardner wrote:
> If verified, then I'll send it upstream. It's also worthy of a pre-stable
> patch.
>
> rtg

Looks good to me

Acked-by: Colin King <colin.king@canonical.com>

Picked the version as applied upstream. Applied to Lucid. -apw
From 146111514a8c126268e848e45b7dd967329b072f Mon Sep 17 00:00:00 2001 From: Tim Gardner <tim.gardner@canonical.com> Date: Thu, 18 Feb 2010 20:33:00 -0700 Subject: [PATCH] xt_recent: Fix false match. A rule with a zero hit_count will always match. Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Cc: stable@kernel.org --- net/netfilter/xt_recent.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 1bb0d6c..43e83a4 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c @@ -260,7 +260,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par) for (i = 0; i < e->nstamps; i++) { if (info->seconds && time_after(time, e->stamps[i])) continue; - if (++hits >= info->hit_count) { + if (info->hit_count && ++hits >= info->hit_count) { ret = !ret; break; } -- 1.6.2.4
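
Review bot: The `info->hit_count &&` guard added inside the `for` loop of recent_mt() is loop-invariant, so with a zero hit_count the loop still walks all `e->nstamps` entries even though `ret` can no longer be flipped there; testing `info->hit_count` once before the loop would state the intent more directly and skip the walk. The commit message gives the symptom (with hit_count at zero, `++hits >= info->hit_count` is true on the first stamp that passes the `seconds` check) but not the intended meaning of an unset hit_count, which is the question raised in the thread; a short comment above the condition saying what zero means for the match result would settle it for later readers. Short-circuit evaluation also means `++hits` is now skipped when hit_count is zero, which is only safe if `hits` is not read after the loop, and that is not visible in this hunk.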