| commit | 99a0efbeeb83482893f7d5df343a2d2eb591933d | [log] [tgz] |
|---|---|---|
| author | Florian Westphal <fw@strlen.de> | Mon Apr 16 18:52:58 2018 +0200 |
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | Tue Apr 24 10:29:21 2018 +0200 |
| tree | f7235e3c30479ff5c7ad69f75880521e43089f82 | |
| parent | 8e1102d5a1596dca10f51e3de800809944f8816d [diff] |
netfilter: nf_tables: always use an upper set size for dynsets nft rejects rules that lack a timeout and a size limit when they're used to add elements from packet path. Pick a sane upperlimit instead of rejecting outright. The upperlimit is visible to userspace, just as if it would have been given during set declaration. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>