Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

author: David S. Miller <davem@davemloft.net> 2010-02-24 21:23:37 -0500
committer: David S. Miller <davem@davemloft.net> 2010-02-24 21:23:37 -0500
commit: 54831a83bfe656c4c54e287c734c6b0ccaa3719b (patch)
tree: abd5bef16d1a6011f629a36d4e245a2ed4f3df3c /net/netfilter
parent: fb977e2ca607a7e74946a1de798f474d1b80b9d6 (diff)
parent: 0f234214d15fa914436d304ecf5c3e43449e79f9 (diff)
2 files changed, 10 insertions, 6 deletions
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 6f21b4377db..0e357ac9a2a 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -239,6 +239,7 @@ static bool tcpmss_tg4_check(const struct xt_tgchk_param *par)
 {
        const struct xt_tcpmss_info *info = par->targinfo;
        const struct ipt_entry *e = par->entryinfo;
+        const struct xt_entry_match *ematch;
        if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
            (par->hook_mask & ~((1 << NF_INET_FORWARD) |
@@ -248,8 +249,9 @@ static bool tcpmss_tg4_check(const struct xt_tgchk_param *par)
                       "FORWARD, OUTPUT and POSTROUTING hooks\n");
                return false;
        }
-        if (IPT_MATCH_ITERATE(e, find_syn_match))
+        xt_ematch_foreach(ematch, e)
-                return true;
+                if (find_syn_match(ematch))
+                        return true;
        printk("xt_TCPMSS: Only works on TCP SYN packets\n");
        return false;
 }
@@ -259,6 +261,7 @@ static bool tcpmss_tg6_check(const struct xt_tgchk_param *par)
 {
        const struct xt_tcpmss_info *info = par->targinfo;
        const struct ip6t_entry *e = par->entryinfo;
+        const struct xt_entry_match *ematch;
        if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
            (par->hook_mask & ~((1 << NF_INET_FORWARD) |
@@ -268,8 +271,9 @@ static bool tcpmss_tg6_check(const struct xt_tgchk_param *par)
                       "FORWARD, OUTPUT and POSTROUTING hooks\n");
                return false;
        }
-        if (IP6T_MATCH_ITERATE(e, find_syn_match))
+        xt_ematch_foreach(ematch, e)
-                return true;
+                if (find_syn_match(ematch))
+                        return true;
        printk("xt_TCPMSS: Only works on TCP SYN packets\n");
        return false;
 }
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 132cfaa84cd..7073dbb8100 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -177,10 +177,10 @@ recent_entry_init(struct recent_table *t, const union nf_inet_addr *addr,
 static void recent_entry_update(struct recent_table *t, struct recent_entry *e)
 {
+        e->index %= ip_pkt_list_tot;
        e->stamps[e->index++] = jiffies;
        if (e->index > e->nstamps)
                e->nstamps = e->index;
-        e->index %= ip_pkt_list_tot;
        list_move_tail(&e->lru_list, &t->lru_list);
 }
@@ -267,7 +267,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
                for (i = 0; i < e->nstamps; i++) {
                        if (info->seconds && time_after(time, e->stamps[i]))
                                continue;
-                        if (++hits >= info->hit_count) {
+                        if (info->hit_count && ++hits >= info->hit_count) {
                                ret = !ret;
                                break;
                        }
author	David S. Miller <davem@davemloft.net>	2010-02-24 21:23:37 -0500
committer	David S. Miller <davem@davemloft.net>	2010-02-24 21:23:37 -0500
commit	54831a83bfe656c4c54e287c734c6b0ccaa3719b (patch)
tree	abd5bef16d1a6011f629a36d4e245a2ed4f3df3c /net/netfilter
parent	fb977e2ca607a7e74946a1de798f474d1b80b9d6 (diff)
parent	0f234214d15fa914436d304ecf5c3e43449e79f9 (diff)