netfilter: ipset: List timing out entries with "timeout 1" instead of zero

When listing sets with timeout support, there's a probability that just timing out entries with "0" timeout value is listed/saved. However when restoring the saved list, the zero timeout value means permanent elelements. The new behaviour is that timing out entries are listed with "timeout 1" instead of zero. Fixes netfilter bugzilla #1258. Signed-off-by: N Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

netfilter: ipset: List timing out entries with "timeout 1" instead of zero
When listing sets with timeout support, there's a probability that just timing out entries with "0" timeout value is listed/saved. However when restoring the saved list, the zero timeout value means permanent elelements. The new behaviour is that timing out entries are listed with "timeout 1" instead of zero. Fixes netfilter bugzilla #1258. Signed-off-by: N Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
bd975e69 · Jozsef Kadlecsik · 9dcceb13 · bd975e69
显示空白变更内容
内联并排

Showing with 8 addition and 2 deletion

include/linux/netfilter/ipset/ip_set_timeout.h include/linux/netfilter/ipset/ip_set_timeout.h +8 -2

未找到文件。
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -65,8 +65,14 @@ ip_set_timeout_set(unsigned long *timeout, u32 value)
 static inline u32
 ip_set_timeout_get(const unsigned long *timeout)
 {
-	return *timeout == IPSET_ELEM_PERMANENT ? 0 :
-		jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+	u32 t;
+
+	if (*timeout == IPSET_ELEM_PERMANENT)
+		return 0;
+
+	t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+	/* Zero value in userspace means no timeout */
+	return t == 0 ? 1 : t;
 }

 #endif	/* __KERNEL__ */