diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-04-09 08:57:20 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-04-09 21:04:16 +0200 |
commit | 6eb4c7e96e19fd2c38a103472048fc0e0e0a3ec3 (patch) | |
tree | b1a7a2ef0b8ec7771722beb75187199c04f31ebe /net/netfilter/ipset/ip_set_hash_ipportnet.c | |
parent | netfilter: ipset: list:set: fix reference counter update (diff) | |
download | linux-dev-6eb4c7e96e19fd2c38a103472048fc0e0e0a3ec3.tar.xz linux-dev-6eb4c7e96e19fd2c38a103472048fc0e0e0a3ec3.zip |
netfilter: ipset: hash:*net*: nomatch flag not excluded on set resize
If a resize is triggered the nomatch flag is not excluded at hashing,
which leads to the element missed at lookup in the resized set.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/ipset/ip_set_hash_ipportnet.c')
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index f2627226a087..10a30b4fc7db 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c @@ -104,6 +104,15 @@ hash_ipportnet4_data_flags(struct hash_ipportnet4_elem *dst, u32 flags) dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); } +static inline void +hash_ipportnet4_data_reset_flags(struct hash_ipportnet4_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } +} + static inline int hash_ipportnet4_data_match(const struct hash_ipportnet4_elem *elem) { @@ -414,6 +423,15 @@ hash_ipportnet6_data_flags(struct hash_ipportnet6_elem *dst, u32 flags) dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); } +static inline void +hash_ipportnet6_data_reset_flags(struct hash_ipportnet6_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } +} + static inline int hash_ipportnet6_data_match(const struct hash_ipportnet6_elem *elem) { |