On 03/19/2010 10:32 AM, Patrick McHardy wrote:
Thomas Jarosch wrote:
On Friday, 19. March 2010 16:41:49 you wrote:
Maybe this is related to the xt_recent
proc interface creating the entry
(with a zero hit count)?
Mhh, looking at that patch again, I think it should actually do:
if (!info->hit_count || ++hits>= info->hit_count)
...
since a hit_count of 0 implies that the user just wants to check for the
presence of the entry. Thomas, could you give that a try?
The new code works. Isn't that almost the same as reverting
the original patch? info->hit_count == 0 will match again.
So we could just go back to
"if (++hits>= info->hit_count)"
Or am I missing something?
I think you're right. Tim, please remind me, why was the match on zero
hits considered a false positive?
Because it looked like it? Maybe its just whining after the fact, but 3
of us missed that it was also an exit condition. IMHO it was too subtle.
I like your final patch much better because, as Thomas pointed out, it
makes it a bit clearer what that clause is doing.
rtg
--
Tim Gardner timg@xxxxxxx www.tpi.com
OR 503-601-0234 x102 MT 406-443-5357
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
