diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-10 11:04:32 -0500 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-03-07 11:40:33 -0500 |
commit | 0927a1ac63388271d58e9f7352d71434e1271374 (patch) | |
tree | 616865c840ed9d2a6248aeab2297a592ad06e51e | |
parent | ae8ded1cb88b9c24f3c9552ca9eefd894b069716 (diff) |
netfilter: ipset: Log warning when a hash type of set gets full
If the set is full, the SET target cannot add more elements.
Log warning so that the admin got notified about it.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/linux/netfilter/ipset/ip_set_ahash.h | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h index b89fb79cb44f..bd1fc8d16851 100644 --- a/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/include/linux/netfilter/ipset/ip_set_ahash.h | |||
@@ -353,9 +353,12 @@ retry: | |||
353 | htable_bits++; | 353 | htable_bits++; |
354 | pr_debug("attempt to resize set %s from %u to %u, t %p\n", | 354 | pr_debug("attempt to resize set %s from %u to %u, t %p\n", |
355 | set->name, orig->htable_bits, htable_bits, orig); | 355 | set->name, orig->htable_bits, htable_bits, orig); |
356 | if (!htable_bits) | 356 | if (!htable_bits) { |
357 | /* In case we have plenty of memory :-) */ | 357 | /* In case we have plenty of memory :-) */ |
358 | pr_warning("Cannot increase the hashsize of set %s further\n", | ||
359 | set->name); | ||
358 | return -IPSET_ERR_HASH_FULL; | 360 | return -IPSET_ERR_HASH_FULL; |
361 | } | ||
359 | t = ip_set_alloc(sizeof(*t) | 362 | t = ip_set_alloc(sizeof(*t) |
360 | + jhash_size(htable_bits) * sizeof(struct hbucket)); | 363 | + jhash_size(htable_bits) * sizeof(struct hbucket)); |
361 | if (!t) | 364 | if (!t) |
@@ -407,8 +410,12 @@ type_pf_add(struct ip_set *set, void *value, u32 timeout, u32 flags) | |||
407 | int i, ret = 0; | 410 | int i, ret = 0; |
408 | u32 key, multi = 0; | 411 | u32 key, multi = 0; |
409 | 412 | ||
410 | if (h->elements >= h->maxelem) | 413 | if (h->elements >= h->maxelem) { |
414 | if (net_ratelimit()) | ||
415 | pr_warning("Set %s is full, maxelem %u reached\n", | ||
416 | set->name, h->maxelem); | ||
411 | return -IPSET_ERR_HASH_FULL; | 417 | return -IPSET_ERR_HASH_FULL; |
418 | } | ||
412 | 419 | ||
413 | rcu_read_lock_bh(); | 420 | rcu_read_lock_bh(); |
414 | t = rcu_dereference_bh(h->table); | 421 | t = rcu_dereference_bh(h->table); |
@@ -790,9 +797,12 @@ type_pf_tresize(struct ip_set *set, bool retried) | |||
790 | retry: | 797 | retry: |
791 | ret = 0; | 798 | ret = 0; |
792 | htable_bits++; | 799 | htable_bits++; |
793 | if (!htable_bits) | 800 | if (!htable_bits) { |
794 | /* In case we have plenty of memory :-) */ | 801 | /* In case we have plenty of memory :-) */ |
802 | pr_warning("Cannot increase the hashsize of set %s further\n", | ||
803 | set->name); | ||
795 | return -IPSET_ERR_HASH_FULL; | 804 | return -IPSET_ERR_HASH_FULL; |
805 | } | ||
796 | t = ip_set_alloc(sizeof(*t) | 806 | t = ip_set_alloc(sizeof(*t) |
797 | + jhash_size(htable_bits) * sizeof(struct hbucket)); | 807 | + jhash_size(htable_bits) * sizeof(struct hbucket)); |
798 | if (!t) | 808 | if (!t) |
@@ -843,8 +853,12 @@ type_pf_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags) | |||
843 | if (h->elements >= h->maxelem) | 853 | if (h->elements >= h->maxelem) |
844 | /* FIXME: when set is full, we slow down here */ | 854 | /* FIXME: when set is full, we slow down here */ |
845 | type_pf_expire(h); | 855 | type_pf_expire(h); |
846 | if (h->elements >= h->maxelem) | 856 | if (h->elements >= h->maxelem) { |
857 | if (net_ratelimit()) | ||
858 | pr_warning("Set %s is full, maxelem %u reached\n", | ||
859 | set->name, h->maxelem); | ||
847 | return -IPSET_ERR_HASH_FULL; | 860 | return -IPSET_ERR_HASH_FULL; |
861 | } | ||
848 | 862 | ||
849 | rcu_read_lock_bh(); | 863 | rcu_read_lock_bh(); |
850 | t = rcu_dereference_bh(h->table); | 864 | t = rcu_dereference_bh(h->table); |