Skip to content

Commit 67429e6

Browse files
Phil Suttergregkh
Phil Sutter
authored and
gregkh
committed
netfilter: nft_limit: Clone packet limits' cost value
commit 558254b upstream. When cloning a packet-based limit expression, copy the cost value as well. Otherwise the new limit is not functional anymore. Fixes: 3b9e2ea ("netfilter: nft_limit: move stateful fields out of expression data") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent 7c58b14 commit 67429e6

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

net/netfilter/nft_limit.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -213,6 +213,8 @@ static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src
213213
struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst);
214214
struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src);
215215

216+
priv_dst->cost = priv_src->cost;
217+
216218
return nft_limit_clone(&priv_dst->limit, &priv_src->limit);
217219
}
218220

0 commit comments

Comments
 (0)