authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-06-08 10:02:59 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-06-08 10:02:59 +0200
commited668b564ed32d1784f6a8b25b3c130e0d6a9ee9 (patch)
treebe444931f98106f1ee0497614f80138b48e897dc
parent0907c31db34713f0e74b90f725fabb5c91c5f45f (diff)
Timeout fixing bug broke SET target special timeout value, fixed
The patch "Fix timeout value overflow bug at large timeout parameters" broke the SET target when no timeout was specified (reported by Jean-Philippe Menil).
-rw-r--r--kernel/net/netfilter/xt_set.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index 035960e..b172cbc 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -16,6 +16,7 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_set.h>
+#include <linux/netfilter/ipset/ip_set_timeout.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -310,7 +311,8 @@ set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
info->del_set.flags, 0, UINT_MAX);
/* Normalize to fit into jiffies */
- if (add_opt.timeout > UINT_MAX/MSEC_PER_SEC)
+ if (add_opt.timeout != IPSET_NO_TIMEOUT
+ && add_opt.timeout > UINT_MAX/MSEC_PER_SEC)
add_opt.timeout = UINT_MAX/MSEC_PER_SEC;
if (info->add_set.index != IPSET_INVALID_ID)
ip_set_add(info->add_set.index, skb, par, &add_opt);
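Review bot: The comment above the clamp in set_target_v2 still reads only `/* Normalize to fit into jiffies */`, so it does not explain why one value above the bound is now let through unclamped. IPSET_NO_TIMEOUT is an in-band sentinel carried in the same field as a real timeout; I would extend the comment to `/* Normalize to fit into jiffies; IPSET_NO_TIMEOUT means "no timeout given" and must stay unclamped */`. Because the sentinel shares the value space with rule-supplied timeouts, it is worth confirming outside this hunk that a configured timeout can never equal it (presumably userspace or the checkentry path bounds it), otherwise an explicit timeout would silently be treated as unset. Kernel style also places the `&&` at the end of the first line rather than at the start of the continuation. The body of set_target_v2 starts and ends outside the hunk.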