netfilter: nf_tables: fix inconsistent element expiration calculation - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Anders K. Pedersen <akp@cohaesio.com>	2016-11-20 19:38:47 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-24 16:43:34 +0300
commit	d3e2a1110cae6ee5eeb1f9a97addf03e974f12e6 (patch)
tree	81cbe225d30cc88bb084a810a1d7d98f7026ac3a /drivers/fpga/fpga-bridge.c
parent	7223ecd4669921cb2a709193521967aaa2b06862 (diff)
download	linux-d3e2a1110cae6ee5eeb1f9a97addf03e974f12e6.tar.xz

netfilter: nf_tables: fix inconsistent element expiration calculation

As Liping Zhang reports, after commit a8b1e36d0d1d ("netfilter: nft_dynset: fix element timeout for HZ != 1000"), priv->timeout was stored in jiffies, while set->timeout was stored in milliseconds. This is inconsistent and incorrect. Firstly, we already call msecs_to_jiffies in nft_set_elem_init, so priv->timeout will be converted to jiffies twice. Secondly, if the user did not specify the NFTA_DYNSET_TIMEOUT attr, set->timeout will be used, but we forget to call msecs_to_jiffies when do update elements. Fix this by using jiffies internally for traditional sets and doing the conversions to/from msec when interacting with userspace - as dynset already does. This is preferable to doing the conversions, when elements are inserted or updated, because this can happen very frequently on busy dynsets. Fixes: a8b1e36d0d1d ("netfilter: nft_dynset: fix element timeout for HZ != 1000") Reported-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Anders K. Pedersen <akp@cohaesio.com> Acked-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'drivers/fpga/fpga-bridge.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: