diff options
| author | Tim Gardner <tim.gardner@canonical.com> | 2010-02-23 13:59:12 (GMT) |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-23 13:59:12 (GMT) |
| commit | 8ccb92ad41cb311e52ad1b1fe77992c7f47a3b63 (patch) | |
| tree | f982c7731f58d73b8fd78b28ab198da0d77d8939 | |
| parent | 2c08522e5d2f0af2d6f05be558946dcbf8173683 (diff) | |
| download | linux-8ccb92ad41cb311e52ad1b1fe77992c7f47a3b63.tar.xz | |
netfilter: xt_recent: fix false match
A rule with a zero hit_count will always match.
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
| -rw-r--r-- | net/netfilter/xt_recent.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 1278f0a..7073dbb 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c @@ -267,7 +267,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par) for (i = 0; i < e->nstamps; i++) { if (info->seconds && time_after(time, e->stamps[i])) continue; - if (++hits >= info->hit_count) { + if (info->hit_count && ++hits >= info->hit_count) { ret = !ret; break; } |