summaryrefslogtreecommitdiffstats
path: root/net/netfilter/ipset
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@netfilter.org>2022-11-22 20:18:58 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2022-11-22 21:44:17 +0100
commit6a66ce44a51bdfc47721f0c591137df2d4b21247 (patch)
tree50baf1ca39069afc6417e2949f1d97c12b4b8086 /net/netfilter/ipset
parentc7aa1a76d4a0a3c401025b60c401412bbb60f8c6 (diff)
downloadlinux-6a66ce44a51bdfc47721f0c591137df2d4b21247.tar.gz
linux-6a66ce44a51bdfc47721f0c591137df2d4b21247.tar.bz2
linux-6a66ce44a51bdfc47721f0c591137df2d4b21247.zip
netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
The commit 510841da1fcc ("netfilter: ipset: enforce documented limit to prevent allocating huge memory") was too strict and prevented to add up to 64 clashing elements to a hash:net,iface type of set. This patch fixes the issue and now the type behaves as documented. Fixes: 510841da1fcc ("netfilter: ipset: enforce documented limit to prevent allocating huge memory") Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/ipset')
-rw-r--r--net/netfilter/ipset/ip_set_hash_gen.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 3adc291d9ce1..7499192af586 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -916,7 +916,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
#ifdef IP_SET_HASH_WITH_MULTI
if (h->bucketsize >= AHASH_MAX_TUNED)
goto set_full;
- else if (h->bucketsize < multi)
+ else if (h->bucketsize <= multi)
h->bucketsize += AHASH_INIT_SIZE;
#endif
if (n->size >= AHASH_MAX(h)) {