netfilter: ipset: List timing out entries with "timeout 1" instead of zero

When listing sets with timeout support, there's a probability that
just timing out entries with "0" timeout value is listed/saved.
However when restoring the saved list, the zero timeout value means
permanent elelements.

The new behaviour is that timing out entries are listed with "timeout 1"
instead of zero.

Fixes netfilter bugzilla #1258.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
index bfb3531fd88a4f7811e6ef9fffbaff672dfa6c53..7ad8ddf9ca8a412cd69096c5780a510470b06778 100644 (file)
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -65,8 +65,14 @@ ip_set_timeout_set(unsigned long *timeout, u32 value)
 static inline u32
 ip_set_timeout_get(const unsigned long *timeout)
 {
-       return *timeout == IPSET_ELEM_PERMANENT ? 0 :
-               jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+       u32 t;
+
+       if (*timeout == IPSET_ELEM_PERMANENT)
+               return 0;
+
+       t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+       /* Zero value in userspace means no timeout */
+       return t == 0 ? 1 : t;
 }
 
 #endif /* __KERNEL__ */