summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-06-08 10:02:59 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-06-08 10:02:59 +0200
commited668b564ed32d1784f6a8b25b3c130e0d6a9ee9 (patch)
treebe444931f98106f1ee0497614f80138b48e897dc /kernel
parent0907c31db34713f0e74b90f725fabb5c91c5f45f (diff)
Timeout fixing bug broke SET target special timeout value, fixed
The patch "Fix timeout value overflow bug at large timeout parameters" broke the SET target when no timeout was specified (reported by Jean-Philippe Menil).
Diffstat (limited to 'kernel')
-rw-r--r--kernel/net/netfilter/xt_set.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index 035960e..b172cbc 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -16,6 +16,7 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_set.h>
+#include <linux/netfilter/ipset/ip_set_timeout.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -310,7 +311,8 @@ set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
info->del_set.flags, 0, UINT_MAX);
/* Normalize to fit into jiffies */
- if (add_opt.timeout > UINT_MAX/MSEC_PER_SEC)
+ if (add_opt.timeout != IPSET_NO_TIMEOUT
+ && add_opt.timeout > UINT_MAX/MSEC_PER_SEC)
add_opt.timeout = UINT_MAX/MSEC_PER_SEC;
if (info->add_set.index != IPSET_INVALID_ID)
ip_set_add(info->add_set.index, skb, par, &add_opt);