[NETFILTER]: xt_limit: don't reset state on unrelated rule updates
Patrick McHardy [Wed, 20 Sep 2006 18:59:25 +0000 (11:59 -0700)]
The limit match reinitializes its state whenever the ruleset changes,
which means it will forget about previously used credits.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/netfilter/xt_limit.c

index b9c9ff3..8bfcbdf 100644 (file)
@@ -122,16 +122,16 @@ ipt_limit_checkentry(const char *tablename,
                return 0;
        }
 
-       /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
-          128. */
-       r->prev = jiffies;
-       r->credit = user2credits(r->avg * r->burst);     /* Credits full. */
-       r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
-       r->cost = user2credits(r->avg);
-
        /* For SMP, we only want to use one set of counters. */
        r->master = r;
-
+       if (r->cost == 0) {
+               /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
+                  128. */
+               r->prev = jiffies;
+               r->credit = user2credits(r->avg * r->burst);     /* Credits full. */
+               r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
+               r->cost = user2credits(r->avg);
+       }
        return 1;
 }
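Review bot: The added `if (r->cost == 0)` works as an "already initialised" sentinel, but nothing in the hunk says so, and when `cost` is non-zero the function keeps `prev`, `credit`, `credit_cap` and `cost` exactly as they arrived. If this match data is copied from the ruleset blob handed in by userspace (not visible here, so to be confirmed), a non-zero `cost` paired with inconsistent values skips the only place these fields are derived from `avg` and `burst`. I would document the sentinel with a comment such as `/* cost != 0: state carried over from an earlier load of this rule, keep the credits */` and clamp the carried-over state, e.g. `if (r->credit > r->credit_cap) r->credit = r->credit_cap;`. ipt_limit_checkentry begins outside the hunk, so any earlier validation of `avg` and `burst` cannot be seen from here.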