Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-04 12:16:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Browse Source 
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix bogus error report in selftests/netfilter/nft_nat.sh,
   from Hangbin Liu.

2) Initialize last and quota expressions from template when
   expr_ops::clone is called, otherwise, states are not restored
   accordingly when loading a dynamic set with elements using
   these two expressions.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nft_quota: copy content when cloning expression
  netfilter: nft_last: copy content when cloning expression
  selftests: nft_nat: ensuring the listening side is up before starting the client
====================

Link: https://lore.kernel.org/r/20230301222021.154670-1-pablo@netfilter.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
This commit is contained in:
Paolo Abeni 2023-03-02 11:10:43 +01:00
commit 044c8bf78d
3 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net/netfilter/nft_last.c
View File

@ -105,11 +105,15 @@ static void nft_last_destroy(const struct nft_ctx *ctx,
static int nft_last_clone(struct nft_expr *dst, const struct nft_expr *src)
{
struct nft_last_priv *priv_dst = nft_expr_priv(dst);
struct nft_last_priv *priv_src = nft_expr_priv(src);
priv_dst->last = kzalloc(sizeof(*priv_dst->last), GFP_ATOMIC);
if (!priv_dst->last)
return -ENOMEM;
priv_dst->last->set = priv_src->last->set;
priv_dst->last->jiffies = priv_src->last->jiffies;
return 0;
}

6
net/netfilter/nft_quota.c
View File

@ -236,12 +236,16 @@ static void nft_quota_destroy(const struct nft_ctx *ctx,
static int nft_quota_clone(struct nft_expr *dst, const struct nft_expr *src)
{
struct nft_quota *priv_dst = nft_expr_priv(dst);
struct nft_quota *priv_src = nft_expr_priv(src);
priv_dst->quota = priv_src->quota;
priv_dst->flags = priv_src->flags;
priv_dst->consumed = kmalloc(sizeof(*priv_dst->consumed), GFP_ATOMIC);
if (!priv_dst->consumed)
return -ENOMEM;
atomic64_set(priv_dst->consumed, 0);
*priv_dst->consumed = *priv_src->consumed;
return 0;
}

2
tools/testing/selftests/netfilter/nft_nat.sh
View File

@ -404,6 +404,8 @@ EOF
echo SERVER-$family | ip netns exec "$ns1" timeout 5 socat -u STDIN TCP-LISTEN:2000 &
sc_s=$!
sleep 1
result=$(ip netns exec "$ns0" timeout 1 socat TCP:$daddr:2000 STDOUT)
if [ "$result" = "SERVER-inet" ];then