Hi Pablo,
Please apply the next patch to the nf tree. Brad Spengler reported that
huge range of consecutive elements could result soft lockup errors due
to the long execution time. The patch limits and enforces the maximal size
of such ranges.
Best regards,
Jozsef
The following changes since commit 832df96d5f957d42fd9eb9660519a0c51fe8538e:
Merge branch 'sctp-pmtu-probe' (2021-07-25 23:06:21 +0100)
are available in the Git repository at:
git://blackhole.kfki.hu/nf 97b5fa905d232f300fd
for you to fetch changes up to 97b5fa905d232f300fd943c320932dd0523727ee:
netfilter: ipset: Limit the maximal range of consecutive elements to add/delete (2021-07-27 12:59:38 +0200)
----------------------------------------------------------------
Jozsef Kadlecsik (1):
netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
include/linux/netfilter/ipset/ip_set.h | 3 +++
net/netfilter/ipset/ip_set_hash_ip.c | 8 +++++++-
net/netfilter/ipset/ip_set_hash_ipmark.c | 10 +++++++++-
net/netfilter/ipset/ip_set_hash_ipport.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipportip.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipportnet.c | 3 +++
net/netfilter/ipset/ip_set_hash_net.c | 11 ++++++++++-
net/netfilter/ipset/ip_set_hash_netiface.c | 10 +++++++++-
net/netfilter/ipset/ip_set_hash_netnet.c | 16 +++++++++++++++-
net/netfilter/ipset/ip_set_hash_netport.c | 11 ++++++++++-
net/netfilter/ipset/ip_set_hash_netportnet.c | 16 +++++++++++++++-
11 files changed, 87 insertions(+), 7 deletions(-)
