diff options
author | Jozsef Kadlecsik <kadlec@netfilter.org> | 2022-11-22 20:18:58 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-11-22 21:44:17 +0100 |
commit | 6a66ce44a51bdfc47721f0c591137df2d4b21247 (patch) | |
tree | 50baf1ca39069afc6417e2949f1d97c12b4b8086 /net/netfilter/ipset | |
parent | c7aa1a76d4a0a3c401025b60c401412bbb60f8c6 (diff) | |
download | linux-6a66ce44a51bdfc47721f0c591137df2d4b21247.tar.gz linux-6a66ce44a51bdfc47721f0c591137df2d4b21247.tar.bz2 linux-6a66ce44a51bdfc47721f0c591137df2d4b21247.zip |
netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
The commit 510841da1fcc ("netfilter: ipset: enforce documented limit to
prevent allocating huge memory") was too strict and prevented to add up to
64 clashing elements to a hash:net,iface type of set. This patch fixes the
issue and now the type behaves as documented.
Fixes: 510841da1fcc ("netfilter: ipset: enforce documented limit to prevent allocating huge memory")
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/ipset')
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_gen.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h index 3adc291d9ce1..7499192af586 100644 --- a/net/netfilter/ipset/ip_set_hash_gen.h +++ b/net/netfilter/ipset/ip_set_hash_gen.h @@ -916,7 +916,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, #ifdef IP_SET_HASH_WITH_MULTI if (h->bucketsize >= AHASH_MAX_TUNED) goto set_full; - else if (h->bucketsize < multi) + else if (h->bucketsize <= multi) h->bucketsize += AHASH_INIT_SIZE; #endif if (n->size >= AHASH_MAX(h)) { |