summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2018-05-31 18:45:21 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2018-06-06 14:00:48 +0200
commitbd975e691486ba52790ba23cc9b4fecab7bc0d31 (patch)
tree6beb30d1d7c50b358febb0bdfb2d2643eaba4d2b /include
parentnetfilter: xt_set: Check hook mask correctly (diff)
downloadlinux-bd975e691486ba52790ba23cc9b4fecab7bc0d31.tar.xz
linux-bd975e691486ba52790ba23cc9b4fecab7bc0d31.zip
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
When listing sets with timeout support, there's a probability that just timing out entries with "0" timeout value is listed/saved. However when restoring the saved list, the zero timeout value means permanent elelements. The new behaviour is that timing out entries are listed with "timeout 1" instead of zero. Fixes netfilter bugzilla #1258. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/ipset/ip_set_timeout.h10
1 files changed, 8 insertions, 2 deletions
diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
index bfb3531fd88a..7ad8ddf9ca8a 100644
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -65,8 +65,14 @@ ip_set_timeout_set(unsigned long *timeout, u32 value)
static inline u32
ip_set_timeout_get(const unsigned long *timeout)
{
- return *timeout == IPSET_ELEM_PERMANENT ? 0 :
- jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+ u32 t;
+
+ if (*timeout == IPSET_ELEM_PERMANENT)
+ return 0;
+
+ t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+ /* Zero value in userspace means no timeout */
+ return t == 0 ? 1 : t;
}
#endif /* __KERNEL__ */