diff options
| author | David S. Miller <davem@davemloft.net> | 2013-02-26 17:24:26 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-02-26 17:24:26 -0500 |
| commit | b86c761f691d4f8f16b5a40c3d6b71c62e4cb04d (patch) | |
| tree | 611d2648429eff830a6c4047e12e108fef3173f4 | |
| parent | 3647d3450a494e0bea49403a7c3b625db1ebe57f (diff) | |
| parent | dd82088dab3646ed28e4aa43d1a5b5d5ffc2afba (diff) | |
Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says:
====================
The following patchset contains two bugfixes for netfilter/ipset via
Jozsef Kadlecsik, they are:
* Fix timeout corruption if sets are resized, by Josh Hunt.
* Fix bogus error report if the flag nomatch is set, from Jozsef.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/netfilter/ipset/ip_set_ahash.h | 4 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h index ef9acd3c8450..01d25e6fc792 100644 --- a/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/include/linux/netfilter/ipset/ip_set_ahash.h | |||
| @@ -854,6 +854,8 @@ type_pf_tresize(struct ip_set *set, bool retried) | |||
| 854 | retry: | 854 | retry: |
| 855 | ret = 0; | 855 | ret = 0; |
| 856 | htable_bits++; | 856 | htable_bits++; |
| 857 | pr_debug("attempt to resize set %s from %u to %u, t %p\n", | ||
| 858 | set->name, orig->htable_bits, htable_bits, orig); | ||
| 857 | if (!htable_bits) { | 859 | if (!htable_bits) { |
| 858 | /* In case we have plenty of memory :-) */ | 860 | /* In case we have plenty of memory :-) */ |
| 859 | pr_warning("Cannot increase the hashsize of set %s further\n", | 861 | pr_warning("Cannot increase the hashsize of set %s further\n", |
| @@ -873,7 +875,7 @@ retry: | |||
| 873 | data = ahash_tdata(n, j); | 875 | data = ahash_tdata(n, j); |
| 874 | m = hbucket(t, HKEY(data, h->initval, htable_bits)); | 876 | m = hbucket(t, HKEY(data, h->initval, htable_bits)); |
| 875 | ret = type_pf_elem_tadd(m, data, AHASH_MAX(h), 0, | 877 | ret = type_pf_elem_tadd(m, data, AHASH_MAX(h), 0, |
| 876 | type_pf_data_timeout(data)); | 878 | ip_set_timeout_get(type_pf_data_timeout(data))); |
| 877 | if (ret < 0) { | 879 | if (ret < 0) { |
| 878 | read_unlock_bh(&set->lock); | 880 | read_unlock_bh(&set->lock); |
| 879 | ahash_destroy(t); | 881 | ahash_destroy(t); |
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index f82b2e606cfd..1ba9dbc0e107 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c | |||
| @@ -1470,7 +1470,8 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb, | |||
| 1470 | if (ret == -EAGAIN) | 1470 | if (ret == -EAGAIN) |
| 1471 | ret = 1; | 1471 | ret = 1; |
| 1472 | 1472 | ||
| 1473 | return ret < 0 ? ret : ret > 0 ? 0 : -IPSET_ERR_EXIST; | 1473 | return (ret < 0 && ret != -ENOTEMPTY) ? ret : |
| 1474 | ret > 0 ? 0 : -IPSET_ERR_EXIST; | ||
| 1474 | } | 1475 | } |
| 1475 | 1476 | ||
| 1476 | /* Get headed data of a set */ | 1477 | /* Get headed data of a set */ |