From patchwork Mon Mar 16 13:40:16 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sergey Popovich X-Patchwork-Id: 450583 X-Patchwork-Delegate: kadlec@blackhole.kfki.hu Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 80D23140083 for ; Tue, 17 Mar 2015 01:06:44 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="verification failed; unprotected key" header.d=mail.ua header.i=@mail.ua header.b=KuZCwUAK; dkim-adsp=fail (unprotected policy); dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753660AbbCPOGn (ORCPT ); Mon, 16 Mar 2015 10:06:43 -0400 Received: from fallback6.mail.ru ([94.100.181.147]:42824 "EHLO fallback6.mail.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751793AbbCPOGm (ORCPT ); Mon, 16 Mar 2015 10:06:42 -0400 Received: from smtp32.i.mail.ru (smtp32.i.mail.ru [94.100.177.92]) by fallback6.mail.ru (mPOP.Fallback_MX) with ESMTP id 521D41AAB42 for ; Mon, 16 Mar 2015 16:40:23 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ua; s=mail; h=References:In-Reply-To:Message-Id:Date:Subject:To:From; bh=4zPRSX92ZL97/J99rux6o/+ZJVTmGm8cv8/OKOVwrY8=; b=KuZCwUAKhmGMAP0TuLPBlUUH5I5EBnVV6ntAk9UOhypUeQdLQWWID3m9xpGIKnAil/GmbMSGusF6FLjh9jjVt8SpHtCdwnhz7g7YQK/HCx9vOsshBBmCdP8ZXWbC0bkeoL22G3vmjuzoAdMPKrpA8oQu0YWZyuJTEK8GXmjF2kw=; Received: from [2a01:6d80::195:20:96:53] (port=57337 helo=tuxracer.localdomain) by smtp32.i.mail.ru with esmtpa (envelope-from ) id 1YXVFl-0006MQ-PG; Mon, 16 Mar 2015 16:40:22 +0300 From: Sergey Popovich To: netfilter-devel@vger.kernel.org, popovich_sergei@mail.ru Subject: netfilter: ipset: Remove expired entries on set resize Date: Mon, 16 Mar 2015 15:40:16 +0200 Message-Id: X-Mailer: git-send-email 1.7.10.4 In-Reply-To: References: X-Spam: Not detected X-Mras: Ok Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org If set resize requested try to remove expired entries on timeout enabled set first and retry adding element. Try this only once, of adding element fails again perform actual set resize. Fix expected behaviour by setting retried variable after resize routine is called, as setting this to true before calling resize will always ignore attempt to remove expired entries from the set. Signed-off-by: Sergey Popovich --- net/netfilter/ipset/ip_set_core.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index fb1f2b4..96e4f2f 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1410,10 +1410,16 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, write_lock_bh(&set->lock); ret = set->variant->uadt(set, tb, adt, &lineno, flags, retried); write_unlock_bh(&set->lock); + + if (ret != -EAGAIN || !set->variant->resize) + break; + + ret = set->variant->resize(set, retried); + if (ret) + break; + retried = true; - } while (ret == -EAGAIN && - set->variant->resize && - (ret = set->variant->resize(set, retried)) == 0); + } while (1); if (!ret || (ret == -IPSET_ERR_EXIST && eexist)) return 0;