On Sunday 2012-09-23 14:43, Patrick McHardy wrote:
>Jan Engelhardt <jengelh@xxxxxxx> schrieb:
>
>>Commit v2.6.19-rc1~1272^2~41 tells us that r->cost != 0 can happen when
>>a running state is saved to userspace and then reinstated from there.
>>
>>Make sure that priv is initialized with some values when that happens.
>>
>>Signed-off-by: Jan Engelhardt <jengelh@xxxxxxx>
>>---
>> net/netfilter/xt_limit.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>>diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
>>index 5c22ce8..a4c1e45 100644
>>--- a/net/netfilter/xt_limit.c
>>+++ b/net/netfilter/xt_limit.c
>>@@ -117,11 +117,11 @@ static int limit_mt_check(const struct
>>xt_mtchk_param *par)
>>
>> /* For SMP, we only want to use one set of state. */
>> r->master = priv;
>>+ /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
>>+ 128. */
>>+ priv->prev = jiffies;
>>+ priv->credit = user2credits(r->avg * r->burst); /* Credits full. */
>> if (r->cost == 0) {
>>- /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
>>- 128. */
>>- priv->prev = jiffies;
>>- priv->credit = user2credits(r->avg * r->burst); /* Credits full. */
>> r->credit_cap = priv->credit; /* Credits full. */
>> r->cost = user2credits(r->avg);
>> }
>
>I don't think we can do any better than this.
"This" being the state as of 3.5, or this patch?
priv-> really should be initialized, somehow.
Being a kernel-only structure, can't rely on userspace to do it.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
