Commit 96b2ef9b authored Jun 06, 2023 by Florian Westphal Committed by Pablo Neira Ayuso Jun 26, 2023

netfilter: nf_tables: permit update of set size



Now that set->nelems is always updated permit update of the sets max size.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 78aa23d0

include/net/netfilter/nf_tables.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -1589,6 +1589,7 @@ struct nft_trans_set {
		u64 timeout;
		bool update;
		bool bound;
		u32 size;
		};

		#define nft_trans_set(trans) \
		@@ -1603,6 +1604,8 @@ struct nft_trans_set {
		(((struct nft_trans_set *)trans->data)->timeout)
		#define nft_trans_set_gc_int(trans) \
		(((struct nft_trans_set *)trans->data)->gc_int)
		#define nft_trans_set_size(trans) \
		(((struct nft_trans_set *)trans->data)->size)

		struct nft_trans_chain {
		bool update;

net/netfilter/nf_tables_api.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -483,6 +483,7 @@ static int __nft_trans_set_add(const struct nft_ctx *ctx, int msg_type,
		nft_trans_set_update(trans) = true;
		nft_trans_set_gc_int(trans) = desc->gc_int;
		nft_trans_set_timeout(trans) = desc->timeout;
		nft_trans_set_size(trans) = desc->size;
		}
		nft_trans_commit_list_add_tail(ctx->net, trans);

		@@ -9428,6 +9429,9 @@ static int nf_tables_commit(struct net net, struct sk_buff skb)

		WRITE_ONCE(set->timeout, nft_trans_set_timeout(trans));
		WRITE_ONCE(set->gc_int, nft_trans_set_gc_int(trans));

		if (nft_trans_set_size(trans))
		WRITE_ONCE(set->size, nft_trans_set_size(trans));
		} else {
		nft_clear(net, nft_trans_set(trans));
		/* This avoids hitting -EBUSY when deleting the table