Re: [PATCH] netfilter: ipt_recent: sanity check hit count

From: Patrick McHardy
Date: Mon Mar 17 2008 - 10:05:18 EST

Next message: Serge E. Hallyn: "Re: [PATCH] cgroups: implement device whitelist lsm (v3)"
Previous message: Ric Wheeler: "Re: [ANNOUNCE] Ramback: faster than a speeding bullet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Daniel Hokka Zakrisson wrote:

If a rule using ipt_recent is created with a hit count greater than
ip_pkt_list_tot, the rule will never match as it cannot keep track
of enough timestamps. This patch makes ipt_recent refuse to create such
rules.

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Serge E. Hallyn: "Re: [PATCH] cgroups: implement device whitelist lsm (v3)"
Previous message: Ric Wheeler: "Re: [ANNOUNCE] Ramback: faster than a speeding bullet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]