releases/4.17.12/netfilter-ipset-list-timing-out-entries-with-timeout-1-instead-of-zero.patch

   1 From foo@baz Sat Jul 28 10:14:30 CEST 2018
   2 From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   3 Date: Thu, 31 May 2018 18:45:21 +0200
   4 Subject: netfilter: ipset: List timing out entries with "timeout 1" instead of zero
   5
   6 From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   7
   8 [ Upstream commit bd975e691486ba52790ba23cc9b4fecab7bc0d31 ]
   9
  10 When listing sets with timeout support, there's a probability that
  11 just timing out entries with "0" timeout value is listed/saved.
  12 However when restoring the saved list, the zero timeout value means
  13 permanent elelements.
  14
  15 The new behaviour is that timing out entries are listed with "timeout 1"
  16 instead of zero.
  17
  18 Fixes netfilter bugzilla #1258.
  19
  20 Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
  21 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
  22 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  23 ---
  24  include/linux/netfilter/ipset/ip_set_timeout.h |   10 ++++++++--
  25  1 file changed, 8 insertions(+), 2 deletions(-)
  26
  27 --- a/include/linux/netfilter/ipset/ip_set_timeout.h
  28 +++ b/include/linux/netfilter/ipset/ip_set_timeout.h
  29 @@ -65,8 +65,14 @@ ip_set_timeout_set(unsigned long *timeou
  30  static inline u32
  31  ip_set_timeout_get(const unsigned long *timeout)
  32  {
  33 -       return *timeout == IPSET_ELEM_PERMANENT ? 0 :
  34 -               jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
  35 +       u32 t;
  36 +
  37 +       if (*timeout == IPSET_ELEM_PERMANENT)
  38 +               return 0;
  39 +
  40 +       t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
  41 +       /* Zero value in userspace means no timeout */
  42 +       return t == 0 ? 1 : t;
  43  }
  44
  45  #endif /* __KERNEL__ */