netfilter: nf_tables: permit update of set size
Now that set->nelems is always updated permit update of the sets max size. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Родитель
78aa23d008
Коммит
96b2ef9b16
|
@ -1589,6 +1589,7 @@ struct nft_trans_set {
|
||||||
u64 timeout;
|
u64 timeout;
|
||||||
bool update;
|
bool update;
|
||||||
bool bound;
|
bool bound;
|
||||||
|
u32 size;
|
||||||
};
|
};
|
||||||
|
|
||||||
#define nft_trans_set(trans) \
|
#define nft_trans_set(trans) \
|
||||||
|
@ -1603,6 +1604,8 @@ struct nft_trans_set {
|
||||||
(((struct nft_trans_set *)trans->data)->timeout)
|
(((struct nft_trans_set *)trans->data)->timeout)
|
||||||
#define nft_trans_set_gc_int(trans) \
|
#define nft_trans_set_gc_int(trans) \
|
||||||
(((struct nft_trans_set *)trans->data)->gc_int)
|
(((struct nft_trans_set *)trans->data)->gc_int)
|
||||||
|
#define nft_trans_set_size(trans) \
|
||||||
|
(((struct nft_trans_set *)trans->data)->size)
|
||||||
|
|
||||||
struct nft_trans_chain {
|
struct nft_trans_chain {
|
||||||
bool update;
|
bool update;
|
||||||
|
|
|
@ -483,6 +483,7 @@ static int __nft_trans_set_add(const struct nft_ctx *ctx, int msg_type,
|
||||||
nft_trans_set_update(trans) = true;
|
nft_trans_set_update(trans) = true;
|
||||||
nft_trans_set_gc_int(trans) = desc->gc_int;
|
nft_trans_set_gc_int(trans) = desc->gc_int;
|
||||||
nft_trans_set_timeout(trans) = desc->timeout;
|
nft_trans_set_timeout(trans) = desc->timeout;
|
||||||
|
nft_trans_set_size(trans) = desc->size;
|
||||||
}
|
}
|
||||||
nft_trans_commit_list_add_tail(ctx->net, trans);
|
nft_trans_commit_list_add_tail(ctx->net, trans);
|
||||||
|
|
||||||
|
@ -9428,6 +9429,9 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
|
||||||
|
|
||||||
WRITE_ONCE(set->timeout, nft_trans_set_timeout(trans));
|
WRITE_ONCE(set->timeout, nft_trans_set_timeout(trans));
|
||||||
WRITE_ONCE(set->gc_int, nft_trans_set_gc_int(trans));
|
WRITE_ONCE(set->gc_int, nft_trans_set_gc_int(trans));
|
||||||
|
|
||||||
|
if (nft_trans_set_size(trans))
|
||||||
|
WRITE_ONCE(set->size, nft_trans_set_size(trans));
|
||||||
} else {
|
} else {
|
||||||
nft_clear(net, nft_trans_set(trans));
|
nft_clear(net, nft_trans_set(trans));
|
||||||
/* This avoids hitting -EBUSY when deleting the table
|
/* This avoids hitting -EBUSY when deleting the table
|
||||||
|
|
Загрузка…
Ссылка в новой задаче