Skip to content

Commit

Permalink
netfilter: ipset: Log warning when a hash type of set gets full
Browse files Browse the repository at this point in the history 
If the set is full, the SET target cannot add more elements.
Log warning so that the admin got notified about it.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Jozsef Kadlecsik authored and Pablo Neira Ayuso committed Mar 7, 2012
1 parent ae8ded1 commit 0927a1a
Showing 1 changed file with 18 additions and 4 deletions.
22 changes: 18 additions & 4 deletions include/linux/netfilter/ipset/ip_set_ahash.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -353,9 +353,12 @@ type_pf_resize(struct ip_set *set, bool retried)
htable_bits++;
pr_debug("attempt to resize set %s from %u to %u, t %p\n",
set->name, orig->htable_bits, htable_bits, orig);
if (!htable_bits)
if (!htable_bits) {
/* In case we have plenty of memory :-) */
pr_warning("Cannot increase the hashsize of set %s further\n",
set->name);
return -IPSET_ERR_HASH_FULL;
}
t = ip_set_alloc(sizeof(*t)
+ jhash_size(htable_bits) * sizeof(struct hbucket));
if (!t)
Expand Down Expand Up @@ -407,8 +410,12 @@ type_pf_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
int i, ret = 0;
u32 key, multi = 0;

if (h->elements >= h->maxelem)
if (h->elements >= h->maxelem) {
if (net_ratelimit())
pr_warning("Set %s is full, maxelem %u reached\n",
set->name, h->maxelem);
return -IPSET_ERR_HASH_FULL;
}

rcu_read_lock_bh();
t = rcu_dereference_bh(h->table);
Expand Down Expand Up @@ -790,9 +797,12 @@ type_pf_tresize(struct ip_set *set, bool retried)
retry:
ret = 0;
htable_bits++;
if (!htable_bits)
if (!htable_bits) {
/* In case we have plenty of memory :-) */
pr_warning("Cannot increase the hashsize of set %s further\n",
set->name);
return -IPSET_ERR_HASH_FULL;
}
t = ip_set_alloc(sizeof(*t)
+ jhash_size(htable_bits) * sizeof(struct hbucket));
if (!t)
Expand Down Expand Up @@ -843,8 +853,12 @@ type_pf_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
if (h->elements >= h->maxelem)
/* FIXME: when set is full, we slow down here */
type_pf_expire(h);
if (h->elements >= h->maxelem)
if (h->elements >= h->maxelem) {
if (net_ratelimit())
pr_warning("Set %s is full, maxelem %u reached\n",
set->name, h->maxelem);
return -IPSET_ERR_HASH_FULL;
}

rcu_read_lock_bh();
t = rcu_dereference_bh(h->table);
Expand Down

0 comments on commit 0927a1a

Please sign in to comment.