

netfilter: ipset: Support updating extensions when the set is full
When the set was full (hash type and maxelem reached), it was not
possible to update the extension part of already existing elements.
The patch removes this limitation.

Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=880
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jozsef Kadlecsik authored and Pablo Neira Ayuso committed Dec 3, 2014
1 parent 4338c57 commit 86ac79c
Showing 1 changed file with 17 additions and 23 deletions.
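--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -633,29 +633,6 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
 bool flag_exist = flags & IPSET_FLAG_EXIST;
 u32 key, multi = 0;
 
-if (h->elements >= h->maxelem && SET_WITH_FORCEADD(set)) {
-rcu_read_lock_bh();
-t = rcu_dereference_bh(h->table);
-key = HKEY(value, h->initval, t->htable_bits);
-n = hbucket(t,key);
-if (n->pos) {
-/* Choosing the first entry in the array to replace */
-j = 0;
-goto reuse_slot;
-}
-rcu_read_unlock_bh();
-}
-if (SET_WITH_TIMEOUT(set) && h->elements >= h->maxelem)
-/* FIXME: when set is full, we slow down here */
-mtype_expire(set, h, NLEN(set->family), set->dsize);
-
-if (h->elements >= h->maxelem) {
-if (net_ratelimit())
-pr_warn("Set %s is full, maxelem %u reached\n",
-set->name, h->maxelem);
-return -IPSET_ERR_HASH_FULL;
-}
-
 rcu_read_lock_bh();
 t = rcu_dereference_bh(h->table);
 key = HKEY(value, h->initval, t->htable_bits);
@@ -680,6 +657,23 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
 j != AHASH_MAX(h) + 1)
 j = i;
 }
+if (h->elements >= h->maxelem && SET_WITH_FORCEADD(set) && n->pos) {
+/* Choosing the first entry in the array to replace */
+j = 0;
+goto reuse_slot;
+}
+if (SET_WITH_TIMEOUT(set) && h->elements >= h->maxelem)
+/* FIXME: when set is full, we slow down here */
+mtype_expire(set, h, NLEN(set->family), set->dsize);
+
+if (h->elements >= h->maxelem) {
+if (net_ratelimit())
+pr_warn("Set %s is full, maxelem %u reached\n",
+set->name, h->maxelem);
+ret = -IPSET_ERR_HASH_FULL;
+goto out;
+}
+
 reuse_slot:
 if (j != AHASH_MAX(h) + 1) {
 /* Fill out reused slot */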
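Review bot: The `mtype_expire()` call in the second hunk now runs after the bucket `n` has been looked up and the reuse index `j` may already have been chosen, and it sits inside the `rcu_read_lock_bh()` section, whereas the removed code ran it before the lock was taken and before any lookup. Its body is not shown here, but if `mtype_expire()` can delete or compact entries in this bucket, `j` may no longer name the slot the loop selected when control falls through to `reuse_slot:`, so a live entry could be overwritten on a full set. Consider keeping the expiry pass ahead of the lookup and leaving only the forceadd and `-IPSET_ERR_HASH_FULL` checks after the loop, or at least resetting `j = AHASH_MAX(h) + 1;` right after the call. It is also worth confirming that everything `mtype_expire()` does is safe in atomic context. The body of mtype_add starts and ends outside both hunks.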
