summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@netfilter.org>2022-11-21 13:16:56 +0100
committerJozsef Kadlecsik <kadlec@netfilter.org>2022-11-21 13:19:48 +0100
commitd0e0631ff8448841571cb2be31c0ddb7e2f86371 (patch)
tree74d39aa08b8ac77cbcaebf167be8d90855e492a8 /kernel
parente39e3466d2d38cdfe83447f391b550e607bc3ce8 (diff)
netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
The patch "netfilter: ipset: enforce documented limit to prevent allocating huge memory" was too strict and prevented to add up to 64 clashing elements to a hash:net,iface type of set. This patch fixes the issue and now the type behaves as documented.
Diffstat (limited to 'kernel')
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_gen.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
index 9fc4f9d..af38991 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
@@ -929,7 +929,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
#ifdef IP_SET_HASH_WITH_MULTI
if (h->bucketsize >= AHASH_MAX_TUNED)
goto set_full;
- else if (h->bucketsize < multi)
+ else if (h->bucketsize <= multi)
h->bucketsize += AHASH_INIT_SIZE;
#endif
if (n->size >= AHASH_MAX(h)) {