netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface

The patch "netfilter: ipset: enforce documented limit to prevent allocating
huge memory" was too strict and prevented to add up to 64 clashing elements
to a hash:net,iface type of set. This patch fixes the issue and now the type
behaves as documented.

diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
index 9fc4f9d7ed6da14e4660ab720fc0da032f0d9488..af3899152af6dbaa23c31c2e3570b36e8b6d7209 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
@@ -929,7 +929,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
 #ifdef IP_SET_HASH_WITH_MULTI
                if (h->bucketsize >= AHASH_MAX_TUNED)
                        goto set_full;
-               else if (h->bucketsize < multi)
+               else if (h->bucketsize <= multi)
                        h->bucketsize += AHASH_INIT_SIZE;
 #endif
                if (n->size >= AHASH_MAX(h)) {