diff options
author | Tim Gardner <tim.gardner@canonical.com> | 2010-02-23 08:59:12 -0500 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-02-23 08:59:12 -0500 |
commit | 8ccb92ad41cb311e52ad1b1fe77992c7f47a3b63 (patch) | |
tree | f982c7731f58d73b8fd78b28ab198da0d77d8939 /net | |
parent | 2c08522e5d2f0af2d6f05be558946dcbf8173683 (diff) |
netfilter: xt_recent: fix false match
A rule with a zero hit_count will always match.
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/xt_recent.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 1278f0aa7434..7073dbb8100c 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c | |||
@@ -267,7 +267,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
267 | for (i = 0; i < e->nstamps; i++) { | 267 | for (i = 0; i < e->nstamps; i++) { |
268 | if (info->seconds && time_after(time, e->stamps[i])) | 268 | if (info->seconds && time_after(time, e->stamps[i])) |
269 | continue; | 269 | continue; |
270 | if (++hits >= info->hit_count) { | 270 | if (info->hit_count && ++hits >= info->hit_count) { |
271 | ret = !ret; | 271 | ret = !ret; |
272 | break; | 272 | break; |
273 | } | 273 | } |