projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c7aa1a7)
netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
authorJozsef Kadlecsik <kadlec@netfilter.org>
Tue, 22 Nov 2022 19:18:58 +0000 (20:18 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 22 Nov 2022 20:44:17 +0000 (21:44 +0100)
The commit 510841da1fcc ("netfilter: ipset: enforce documented limit to
prevent allocating huge memory") was too strict and prevented to add up to
64 clashing elements to a hash:net,iface type of set. This patch fixes the
issue and now the type behaves as documented.

Fixes: 510841da1fcc ("netfilter: ipset: enforce documented limit to prevent allocating huge memory")
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/ipset/ip_set_hash_gen.h patch | blob | history

diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 3adc291..7499192 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -916,7 +916,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
 #ifdef IP_SET_HASH_WITH_MULTI
                if (h->bucketsize >= AHASH_MAX_TUNED)
                        goto set_full;
-               else if (h->bucketsize < multi)
+               else if (h->bucketsize <= multi)
                        h->bucketsize += AHASH_INIT_SIZE;
 #endif
                if (n->size >= AHASH_MAX(h)) {
Domain: System / Kernel;