AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
cef9ed86ed
kernel_optimize_test/net
History
Florian Westphal cef9ed86ed netfilter: xt_recent: don't reject rule if new hitcount exceeds table max 
given:
-A INPUT -m recent --update --seconds 30 --hitcount 4
and
iptables-save > foo

then
iptables-restore < foo

will fail with:
kernel: xt_recent: hitcount (4) is larger than packets to be remembered (4) for table DEFAULT

Even when the check is fixed, the restore won't work if the hitcount is
increased to e.g. 6, since by the time checkentry runs it will find the
'old' incarnation of the table.

We can avoid this by increasing the maximum threshold silently; we only
have to rm all the current entries of the table (these entries would
not have enough room to handle the increased hitcount).

This even makes (not-very-useful)
-A INPUT -m recent --update --seconds 30 --hitcount 4
-A INPUT -m recent --update --seconds 30 --hitcount 42
work.

Fixes: abc86d0f99 (netfilter: xt_recent: relax ip_pkt_list_tot restrictions)
Tracked-down-by: Chris Vine <chris@cvine.freeserve.co.uk>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-02-16 17:00:47 +01:00
..
6lowpan net/6lowpan: Remove FSF address from GPL statement. 2014-12-05 12:43:04 +01:00
9p
802
8021q vlan: Add ability to always enable TSO/UFO 2014-12-12 10:58:53 -05:00
appletalk new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
atm put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
ax25 new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
batman-adv batman-adv: fix potential TT client + orig-node memory leak 2015-01-06 11:07:01 +01:00
bluetooth Bluetooth: Fix accepting connections when not using mgmt 2014-12-24 20:02:00 +01:00
bridge netfilter: nf_tables: validate hooks in NAT expressions 2015-01-19 14:52:39 +01:00
caif caif: remove wrong dev_net_set() call 2015-01-29 14:20:02 -08:00
can can: fix spelling errors 2014-12-07 21:22:05 +01:00
ceph libceph: fix sparse endianness warnings 2015-01-08 20:36:57 +03:00
core net: Fix vlan_get_protocol for stacked vlan 2015-01-30 18:03:47 -08:00
dcb
dccp net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
decnet new helper: memcpy_to_msg() 2014-11-24 04:28:51 -05:00
dns_resolver
dsa net: dsa: set slave MII bus PHY mask 2015-01-25 16:00:54 -08:00
ethernet
hsr
ieee802154 Merge tag 'master-2014-12-08' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next 2014-12-09 18:12:03 -05:00
ipv4 ipv4: tcp: get rid of ugly unicast_sock 2015-02-01 23:06:19 -08:00
ipv6 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2015-01-27 00:28:38 -08:00
ipx switch ipxrtr_route_packet() from iovec to msghdr 2014-11-24 04:28:49 -05:00
irda irda: Convert function pointer arrays and uses to const 2014-12-10 15:33:16 -05:00
iucv net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
key new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
l2tp ip_generic_getfrag, udplite_getfrag: switch to passing msghdr 2014-12-09 16:28:22 -05:00
lapb
llc net: llc: use correct size for sysctl timeout entries 2015-01-25 00:23:21 -08:00
mac80211 mac80211: properly set CCK flag in radiotap 2015-01-23 10:53:58 +01:00
mac802154 mac802154: use goto label on failure 2014-12-05 14:18:42 +01:00
mpls mpls: Fix allowed protocols for mpls gso 2014-12-23 23:57:31 -05:00
netfilter netfilter: xt_recent: don't reject rule if new hitcount exceeds table max 2015-02-16 17:00:47 +01:00
netlabel
netlink netlink: fix wrong subscription bitmask to group mapping in 2015-01-30 17:43:47 -08:00
netrom new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
nfc Merge tag 'master-2014-12-08' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next 2014-12-09 18:12:03 -05:00
openvswitch openvswitch: packet messages need their own probe attribtue 2015-01-14 16:49:44 -05:00
packet packet: bail out of packet_snd() if L2 header creation fails 2015-01-11 21:54:03 -05:00
phonet new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
rds rds: Fix min() warning in rds_message_inc_copy_to_user() 2014-12-15 11:49:09 -05:00
rfkill Driver core patches for 3.19-rc1 2014-12-14 16:10:09 -08:00
rose new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
rxrpc net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
sched net: cls_bpf: fix auto generation of per list handles 2015-01-26 15:50:19 -08:00
sctp net: sctp: fix passing wrong parameter header to param_type2af in sctp_process_param 2015-01-30 17:45:23 -08:00
sunrpc rpc: fix xdr_truncate_encode to handle buffer ending on page boundary 2015-01-07 14:03:58 -05:00
switchdev bridge: call netdev_sw_port_stp_update when bridge port STP status changes 2014-12-02 20:01:22 -08:00
tipc tipc: fix bug in broadcast retransmit code 2015-01-12 16:01:59 -05:00
unix put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
vmw_vsock put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
wimax
wireless Another set of last-minute fixes: 2015-01-26 17:32:24 -08:00
x25 new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2014-12-08 21:30:21 -05:00
compat.c put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
Kconfig net: introduce generic switch devices support 2014-12-02 20:01:20 -08:00
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2014-12-16 15:53:03 -08:00
socket.c net: don't OOPS on socket aio 2015-01-27 12:25:33 -08:00
sysctl_net.c