netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface

The patch "netfilter: ipset: enforce documented limit to prevent allocating huge memory" was too strict and prevented to add up to 64 clashing elements to a hash:net,iface type of set. This patch fixes the issue and now the type behaves as documented.
author: Jozsef Kadlecsik <kadlec@netfilter.org> 2022-11-21 13:16:56 +0100
committer: Jozsef Kadlecsik <kadlec@netfilter.org> 2022-11-21 13:19:48 +0100
commit: d0e0631ff8448841571cb2be31c0ddb7e2f86371 (patch)
tree: 74d39aa08b8ac77cbcaebf167be8d90855e492a8 /kernel
parent: e39e3466d2d38cdfe83447f391b550e607bc3ce8 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
index 9fc4f9d..af38991 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
@@ -929,7 +929,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
 #ifdef IP_SET_HASH_WITH_MULTI
 		if (h->bucketsize >= AHASH_MAX_TUNED)
 			goto set_full;
-		else if (h->bucketsize < multi)
+		else if (h->bucketsize <= multi)
 			h->bucketsize += AHASH_INIT_SIZE;
 #endif
 		if (n->size >= AHASH_MAX(h)) {
author	Jozsef Kadlecsik <kadlec@netfilter.org>	2022-11-21 13:16:56 +0100
committer	Jozsef Kadlecsik <kadlec@netfilter.org>	2022-11-21 13:19:48 +0100
commit	d0e0631ff8448841571cb2be31c0ddb7e2f86371 (patch)
tree	74d39aa08b8ac77cbcaebf167be8d90855e492a8 /kernel
parent	e39e3466d2d38cdfe83447f391b550e607bc3ce8 (diff)