Commit 52176cc7 authored by Michael Tremer's avatar Michael Tremer

ipset: Set maxelem to a fixed size

When we try to load a changed set which might have more entries, a
previous maxelem could have been smaller preventing us from adding new
entries.

We also cannot run the "create" command with a changed maxelem
parameter which is why this patch set the value to something that should
be large enough for everything.

The downside of this is also, that we cannot modify the hashsize when we
reload a set, which is probably okay, since sets should not change too
much in size and therefore will only run *slightly* less efficient - if
at all.
Signed-off-by: default avatarMichael Tremer <michael.tremer@ipfire.org>
parent 27dc4fa5
...@@ -131,22 +131,13 @@ class IpsetOutputWriter(OutputWriter): ...@@ -131,22 +131,13 @@ class IpsetOutputWriter(OutputWriter):
# Return the size of the hash # Return the size of the hash
return 2 ** math.ceil(exponent) return 2 ** math.ceil(exponent)
@property
def maxelem(self):
"""
Tells ipset how large the set will be.
Since these are considered immutable, we will use the total number of networks.
"""
return self.networks
def _write_header(self): def _write_header(self):
# This must have a fixed size, because we will write the header again in the end # This must have a fixed size, because we will write the header again in the end
self.f.write("create %s hash:net family inet%s" % ( self.f.write("create %s hash:net family inet%s" % (
self.prefix, self.prefix,
"6" if self.family == socket.AF_INET6 else "" "6" if self.family == socket.AF_INET6 else ""
)) ))
self.f.write(" hashsize %8d maxelem %8d -exist\n" % (self.hashsize, self.maxelem)) self.f.write(" hashsize %8d maxelem 1048576 -exist\n" % self.hashsize)
self.f.write("flush %s\n" % self.prefix) self.f.write("flush %s\n" % self.prefix)
def write(self, network): def write(self, network):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment