forked from mirrors/linux
netfilter: nft_dynset: fix element timeout for HZ != 1000
With HZ=100 element timeout in dynamic sets (i.e. flow tables) is 10 times
higher than configured.
Add proper conversion to/from jiffies, when interacting with userspace.
I tested this on Linux 4.8.1, and it applies cleanly to current nf and
nf-next trees.
Fixes: 22fe54d5fe ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: Anders K. Pedersen <akp@cohaesio.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Anders K. Pedersen
Pablo Neira Ayuso
parent
1b203c138c
commit
a8b1e36d0d
1 changed files with 4 additions and 2 deletions
|
|
@ -158,7 +158,8 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
|
|||
if (tb[NFTA_DYNSET_TIMEOUT] != NULL) {
|
||||
if (!(set->flags & NFT_SET_TIMEOUT))
|
||||
return -EINVAL;
|
||||
timeout = be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT]));
|
||||
timeout = msecs_to_jiffies(be64_to_cpu(nla_get_be64(
|
||||
tb[NFTA_DYNSET_TIMEOUT])));
|
||||
}
|
||||
|
||||
priv->sreg_key = nft_parse_register(tb[NFTA_DYNSET_SREG_KEY]);
|
||||
|
|
@ -246,7 +247,8 @@ static int nft_dynset_dump(struct sk_buff *skb, const struct nft_expr *expr)
|
|||
goto nla_put_failure;
|
||||
if (nla_put_string(skb, NFTA_DYNSET_SET_NAME, priv->set->name))
|
||||
goto nla_put_failure;
|
||||
if (nla_put_be64(skb, NFTA_DYNSET_TIMEOUT, cpu_to_be64(priv->timeout),
|
||||
if (nla_put_be64(skb, NFTA_DYNSET_TIMEOUT,
|
||||
cpu_to_be64(jiffies_to_msecs(priv->timeout)),
|
||||
NFTA_DYNSET_PAD))
|
||||
goto nla_put_failure;
|
||||
if (priv->expr && nft_expr_dump(skb, NFTA_DYNSET_EXPR, priv->expr))
|
||||
|
|
|
|||
Loading…
Reference in a new issue