| Message ID | 20220524125001.25881-1-phil@nwl.cc |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [nf] netfilter: nft_limit: Clone packet limits' cost value | expand |
On Tue, May 24, 2022 at 02:50:01PM +0200, Phil Sutter wrote: > When cloning a packet-based limit expression, copy the cost value as > well. Otherwise the new limit is not functional anymore. Applied, thanks
diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c index 04ea8b9bf2028..981addb2d0515 100644 --- a/net/netfilter/nft_limit.c +++ b/net/netfilter/nft_limit.c @@ -213,6 +213,8 @@ static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst); struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src); + priv_dst->cost = priv_src->cost; + return nft_limit_clone(&priv_dst->limit, &priv_src->limit); }
When cloning a packet-based limit expression, copy the cost value as well. Otherwise the new limit is not functional anymore. Fixes: 3b9e2ea6c11bf ("netfilter: nft_limit: move stateful fields out of expression data") Signed-off-by: Phil Sutter <phil@nwl.cc> --- net/netfilter/nft_limit.c | 2 ++ 1 file changed, 2 insertions(+)