Commit 57dab5d0 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: xt_limit: don't reset state on unrelated rule updates 



The limit match reinitializes its state whenever the ruleset changes,
which means it will forget about previously used credits.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ecb70c95

net/netfilter/xt_limit.c

+8 −8
Original line number Diff line number Diff line
@@ -122,16 +122,16 @@ ipt_limit_checkentry(const char *tablename, 
		return 0;

	}



	/* For SMP, we only want to use one set of counters. */

	r->master = r;

	if (r->cost == 0) {

		/* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *

		   128. */

		r->prev = jiffies;

		r->credit = user2credits(r->avg * r->burst);	 /* Credits full. */

		r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */

		r->cost = user2credits(r->avg);



	/* For SMP, we only want to use one set of counters. */

	r->master = r;



	}

	return 1;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE