netfilter: nft_limit: Clone packet limits' cost value

commit 558254b0b6 upstream. When cloning a packet-based limit expression, copy the cost value as well. Otherwise the new limit is not functional anymore. Fixes: 3b9e2ea6c1 ("netfilter: nft_limit: move stateful fields out of expression data") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-30 06:10:56 +00:00 · 2022-05-24 14:50:01 +02:00 · 2022-05-24 14:50:01 +02:00 · 42d4617848
commit 42d4617848
parent d808805851
1 changed files with 2 additions and 0 deletions
--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@ -218,6 +218,8 @@ static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src
 	struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst);
 	struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src);

+	priv_dst->cost = priv_src->cost;
+
 	return nft_limit_clone(&priv_dst->limit, &priv_src->limit);
 }