netfilter: nft_limit: Clone packet limits' cost value

commit 558254b0b602b8605d7246a10cfeb584b1fcabfc upstream. When cloning a packet-based limit expression, copy the cost value as well. Otherwise the new limit is not functional anymore. Fixes: 3b9e2ea6c11bf ("netfilter: nft_limit: move stateful fields out of expression data") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Phil Sutter <phil@nwl.cc> 2022-05-24 14:50:01 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-01-25 14:52:56 -0800
commit: 42d46178488918b4001923cd44f460cc13d6059d (patch)
tree: 04e355b5f2e5be183ee3b2aa3690d3a97600ca15
parent: d80880585128d928366f1925059eb0e36e5b8507 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c
index 56b51f1ef1eb..593fa07f10d5 100644
--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@@ -218,6 +218,8 @@ static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src
 	struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst);
 	struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src);
 
+	priv_dst->cost = priv_src->cost;
+
 	return nft_limit_clone(&priv_dst->limit, &priv_src->limit);
 }
author	Phil Sutter <phil@nwl.cc>	2022-05-24 14:50:01 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-01-25 14:52:56 -0800
commit	42d46178488918b4001923cd44f460cc13d6059d (patch)
tree	04e355b5f2e5be183ee3b2aa3690d3a97600ca15
parent	d80880585128d928366f1925059eb0e36e5b8507 (diff)