netfilter: nft_limit: Clone packet limits' cost value

commit 558254b0b602b8605d7246a10cfeb584b1fcabfc upstream. When cloning a packet-based limit expression, copy the cost value as well. Otherwise the new limit is not functional anymore. Fixes: 3b9e2ea6c11bf ("netfilter: nft_limit: move stateful fields out of expression data") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Phil Sutter <phil@nwl.cc> 2022-05-24 14:50:01 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-06-06 08:48:54 +0200
commit: a51c6c58ce940db65100bbfd58189b49d9da1f27 (patch)
tree: 1ac62bbae3a03e3d907aaa89c350eb1978359782 /net
parent: 2193286402df2d9c53294f7a858d5e6fd7346e08 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c
index 04ea8b9bf2028..981addb2d0515 100644
--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@@ -213,6 +213,8 @@ static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src
 	struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst);
 	struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src);
 
+	priv_dst->cost = priv_src->cost;
+
 	return nft_limit_clone(&priv_dst->limit, &priv_src->limit);
 }
author	Phil Sutter <phil@nwl.cc>	2022-05-24 14:50:01 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-06-06 08:48:54 +0200
commit	a51c6c58ce940db65100bbfd58189b49d9da1f27 (patch)
tree	1ac62bbae3a03e3d907aaa89c350eb1978359782 /net
parent	2193286402df2d9c53294f7a858d5e6fd7346e08 (diff)