[NETFILTER]: xt_limit: don't reset state on unrelated rule updates

The limit match reinitializes its state whenever the ruleset changes, which means it will forget about previously used credits. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2006-09-20 14:59:25 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 18:19:50 -0400
commit: 57dab5d0bfee21663ed20222b4cedeb0655ba1f3 (patch)
tree: adb83bae14ed15f1dd196577c4ab1462325bc8df /net/netfilter
parent: ecb70c95c45ece0935b076295388267f6d8db65c (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index b9c9ff3a06e..8bfcbdfa878 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -122,16 +122,16 @@ ipt_limit_checkentry(const char *tablename,
                return 0;
        }
-        /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
-           128. */
-        r->prev = jiffies;
-        r->credit = user2credits(r->avg * r->burst);     /* Credits full. */
-        r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
-        r->cost = user2credits(r->avg);
        /* For SMP, we only want to use one set of counters. */
        r->master = r;
+        if (r->cost == 0) {
+                /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
+                   128. */
+                r->prev = jiffies;
+                r->credit = user2credits(r->avg * r->burst);     /* Credits full. */
+                r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
+                r->cost = user2credits(r->avg);
+        }
        return 1;
 }
author	Patrick McHardy <kaber@trash.net>	2006-09-20 14:59:25 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 18:19:50 -0400
commit	57dab5d0bfee21663ed20222b4cedeb0655ba1f3 (patch)
tree	adb83bae14ed15f1dd196577c4ab1462325bc8df /net/netfilter
parent	ecb70c95c45ece0935b076295388267f6d8db65c (diff)

diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index b9c9ff3a06e..8bfcbdfa878 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c
@@ -122,16 +122,16 @@ ipt_limit_checkentry(const char *tablename,
122	return 0;	122	return 0;
123	}	123	}
124		124
125	/* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
126	128. */
127	r->prev = jiffies;
128	r->credit = user2credits(r->avg * r->burst); /* Credits full. */
129	r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
130	r->cost = user2credits(r->avg);
131
132	/* For SMP, we only want to use one set of counters. */	125	/* For SMP, we only want to use one set of counters. */
133	r->master = r;	126	r->master = r;
134		127	if (r->cost == 0) {
		128	/* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
		129	128. */
		130	r->prev = jiffies;
		131	r->credit = user2credits(r->avg * r->burst); /* Credits full. */
		132	r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
		133	r->cost = user2credits(r->avg);
		134	}
135	return 1;	135	return 1;
136	}	136	}
137		137