Message ID | 1417373825-3734-2-git-send-email-kadlec@blackhole.kfki.hu |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
On Sun, Nov 30, 2014 at 07:56:52PM +0100, Jozsef Kadlecsik wrote: > When the set was full (hash type and maxelem reached), it was not > possible to update the extension part of already existing elements. > The patch removes this limitation. (Fixes netfilter bugzilla id 880.) Could you please add this: https://bugzilla.netfilter.org/show_bug.cgi?id=880 for quick browsing. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Dec 02, 2014 at 07:46:44PM +0100, Pablo Neira Ayuso wrote: > On Sun, Nov 30, 2014 at 07:56:52PM +0100, Jozsef Kadlecsik wrote: > > When the set was full (hash type and maxelem reached), it was not > > possible to update the extension part of already existing elements. > > The patch removes this limitation. (Fixes netfilter bugzilla id 880.) > > Could you please add this: > > https://bugzilla.netfilter.org/show_bug.cgi?id=880 > > for quick browsing. Thanks. I can fix this here. Actually, I can manually apply from 1 to 6 in the next batch I'm going to send to David. I would like to make sure at least those get to him in time, -rc7 is already out so we merge window may close by this weekend / beginning next week (just predicting). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 2 Dec 2014, Pablo Neira Ayuso wrote: > On Tue, Dec 02, 2014 at 07:46:44PM +0100, Pablo Neira Ayuso wrote: > > On Sun, Nov 30, 2014 at 07:56:52PM +0100, Jozsef Kadlecsik wrote: > > > When the set was full (hash type and maxelem reached), it was not > > > possible to update the extension part of already existing elements. > > > The patch removes this limitation. (Fixes netfilter bugzilla id 880.) > > > > Could you please add this: > > > > https://bugzilla.netfilter.org/show_bug.cgi?id=880 > > > > for quick browsing. Thanks. > > I can fix this here. > > Actually, I can manually apply from 1 to 6 in the next batch I'm going > to send to David. > > I would like to make sure at least those get to him in time, -rc7 is > already out so we merge window may close by this weekend / beginning > next week (just predicting). Thanks, Pablo indeed! Then I'll focus on the second part of the patches. Best regards, jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Dec 03, 2014 at 12:26:52PM +0100, Jozsef Kadlecsik wrote: > On Tue, 2 Dec 2014, Pablo Neira Ayuso wrote: > > > On Tue, Dec 02, 2014 at 07:46:44PM +0100, Pablo Neira Ayuso wrote: > > > On Sun, Nov 30, 2014 at 07:56:52PM +0100, Jozsef Kadlecsik wrote: > > > > When the set was full (hash type and maxelem reached), it was not > > > > possible to update the extension part of already existing elements. > > > > The patch removes this limitation. (Fixes netfilter bugzilla id 880.) > > > > > > Could you please add this: > > > > > > https://bugzilla.netfilter.org/show_bug.cgi?id=880 > > > > > > for quick browsing. Thanks. > > > > I can fix this here. > > > > Actually, I can manually apply from 1 to 6 in the next batch I'm going > > to send to David. > > > > I would like to make sure at least those get to him in time, -rc7 is > > already out so we merge window may close by this weekend / beginning > > next week (just predicting). > > Thanks, Pablo indeed! Then I'll focus on the second part of the patches. Thanks Jozsef. Applied from 1-6. I'm going to prepare a batch for David. Please, focus on your rcu patches, I'll do my best to get this in this merge window. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h index fee7c64e..a12ee04 100644 --- a/net/netfilter/ipset/ip_set_hash_gen.h +++ b/net/netfilter/ipset/ip_set_hash_gen.h @@ -633,29 +633,6 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, bool flag_exist = flags & IPSET_FLAG_EXIST; u32 key, multi = 0; - if (h->elements >= h->maxelem && SET_WITH_FORCEADD(set)) { - rcu_read_lock_bh(); - t = rcu_dereference_bh(h->table); - key = HKEY(value, h->initval, t->htable_bits); - n = hbucket(t,key); - if (n->pos) { - /* Choosing the first entry in the array to replace */ - j = 0; - goto reuse_slot; - } - rcu_read_unlock_bh(); - } - if (SET_WITH_TIMEOUT(set) && h->elements >= h->maxelem) - /* FIXME: when set is full, we slow down here */ - mtype_expire(set, h, NLEN(set->family), set->dsize); - - if (h->elements >= h->maxelem) { - if (net_ratelimit()) - pr_warn("Set %s is full, maxelem %u reached\n", - set->name, h->maxelem); - return -IPSET_ERR_HASH_FULL; - } - rcu_read_lock_bh(); t = rcu_dereference_bh(h->table); key = HKEY(value, h->initval, t->htable_bits); @@ -680,6 +657,23 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, j != AHASH_MAX(h) + 1) j = i; } + if (h->elements >= h->maxelem && SET_WITH_FORCEADD(set) && n->pos) { + /* Choosing the first entry in the array to replace */ + j = 0; + goto reuse_slot; + } + if (SET_WITH_TIMEOUT(set) && h->elements >= h->maxelem) + /* FIXME: when set is full, we slow down here */ + mtype_expire(set, h, NLEN(set->family), set->dsize); + + if (h->elements >= h->maxelem) { + if (net_ratelimit()) + pr_warn("Set %s is full, maxelem %u reached\n", + set->name, h->maxelem); + ret = -IPSET_ERR_HASH_FULL; + goto out; + } + reuse_slot: if (j != AHASH_MAX(h) + 1) { /* Fill out reused slot */
When the set was full (hash type and maxelem reached), it was not possible to update the extension part of already existing elements. The patch removes this limitation. (Fixes netfilter bugzilla id 880.) Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> --- net/netfilter/ipset/ip_set_hash_gen.h | 40 +++++++++++++++-------------------- 1 file changed, 17 insertions(+), 23 deletions(-)