From cef553009b5181ae3c9f465c0e300ec8c8b37fbd Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Fri, 1 Jun 2018 20:59:14 +0200
Subject: Limit max timeout value to (UINT_MAX >> 1)/MSEC_PER_SEC

Due to the negative value condition in msecs_to_jiffies(), the real
max possible timeout value must be set to (UINT_MAX >> 1)/MSEC_PER_SEC.

Neutron Soutmun proposed the proper fix, but an insufficient one was
applied, see https://patchwork.ozlabs.org/patch/400405/.
---
 src/ipset.8 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/ipset.8 b/src/ipset.8
index cd8c3ad..87fb938 100644
--- a/src/ipset.8
+++ b/src/ipset.8
@@ -271,7 +271,8 @@ for new entries. If a set is created with timeout support, then the same
 \fBtimeout\fR option can be used to specify non\-default timeout values
 when adding entries. Zero timeout value means the entry is added permanent to the set.
 The timeout value of already added elements can be changed by re-adding the element
-using the \fB\-exist\fR option. Example:
+using the \fB\-exist\fR option. The largest possible timeout value is 2147483
+(in seconds). Example:
 .IP
 ipset create test hash:ip timeout 300
 .IP
-- 
cgit v1.2.3