From: Eric Dumazet Date: Wed, 12 Dec 2007 19:11:28 +0000 (-0800) Subject: [NETFILTER]: xt_hashlimit should use time_after_eq() X-Git-Tag: v2.6.24-rc6~67^2~15 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cbebc51f7b77d26ec23145d6ef22ac2b209f7955;p=linux-2.6 [NETFILTER]: xt_hashlimit should use time_after_eq() In order to avoid jiffies wraparound and its effect, special care must be taken when doing comparisons ... Signed-off-by: Eric Dumazet Acked-by: Patrick McHardy Signed-off-by: David S. Miller --- diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 19103678bf..2ef44d8560 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -240,7 +240,7 @@ static bool select_all(const struct xt_hashlimit_htable *ht, static bool select_gc(const struct xt_hashlimit_htable *ht, const struct dsthash_ent *he) { - return jiffies >= he->expires; + return time_after_eq(jiffies, he->expires); } static void htable_selective_cleanup(struct xt_hashlimit_htable *ht,