mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-06 20:55:13 +02:00

Fixes a bug whereby an ST_ALLOWED peer existing for a time greater than gc_expir_time would be gc-deleted, because both !has_logged_during_this_minute(peer) and is_interknock_time_exceeded(peer, rule->max_time) would be satisfied for ST_ALLOWED hosts.

We also no longer test for !has_logged_during_this_minute(peer) in peer_gc(), since there is really no need for this: the anti-spoof minute check is performed (and subsequent remove_peer(peer) called if needed) for each passing UDP-mode peer with expired autoclose in pknock_mt(), given that --autoclose has been specified. If autoclose has not been set, it will be subject to reset_knock_status(peer) called from knock_mt() upon receiving the first closing secret - so it is still guaranteed to disappear at the closest opportunity.

Signed-off-by: Jan Rafaj <jr+netfilter-devel@cedric.unob.cz>