This is a note to let you know that I've just added the patch titled netfilter: nft_limit: Clone packet limits' cost value to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: netfilter-nft_limit-clone-packet-limits-cost-value.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 558254b0b602b8605d7246a10cfeb584b1fcabfc Mon Sep 17 00:00:00 2001 From: Phil Sutter <phil@xxxxxx> Date: Tue, 24 May 2022 14:50:01 +0200 Subject: netfilter: nft_limit: Clone packet limits' cost value From: Phil Sutter <phil@xxxxxx> commit 558254b0b602b8605d7246a10cfeb584b1fcabfc upstream. When cloning a packet-based limit expression, copy the cost value as well. Otherwise the new limit is not functional anymore. Fixes: 3b9e2ea6c11bf ("netfilter: nft_limit: move stateful fields out of expression data") Signed-off-by: Phil Sutter <phil@xxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/netfilter/nft_limit.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/netfilter/nft_limit.c +++ b/net/netfilter/nft_limit.c @@ -218,6 +218,8 @@ static int nft_limit_pkts_clone(struct n struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst); struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src); + priv_dst->cost = priv_src->cost; + return nft_limit_clone(&priv_dst->limit, &priv_src->limit); } Patches currently in stable-queue which might be from phil@xxxxxx are queue-5.15/netfilter-nft_limit-clone-packet-limits-cost-value.patch
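Review bot: in nft_limit_pkts_clone() the new `priv_dst->cost = priv_src->cost;` copies one field by hand while everything else goes through nft_limit_clone() on `&priv_dst->limit`, and nothing in the hunk records why the two are handled separately. A one-line comment above the assignment, saying that cost sits in struct nft_limit_priv_pkts outside the `limit` member and is therefore not covered by nft_limit_clone(), would help keep the same omission from recurring if another field is added to that struct. The commit message would also be easier to triage for backports if it stated what "not functional anymore" looks like in practice for a cloned packet limit, since the diff alone only shows that cost was previously left uncopied in the destination expression.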