Commit 044c8bf7 authored by Paolo Abeni's avatar Paolo Abeni

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix bogus error report in selftests/netfilter/nft_nat.sh,
   from Hangbin Liu.

2) Initialize last and quota expressions from template when
   expr_ops::clone is called, otherwise, states are not restored
   accordingly when loading a dynamic set with elements using
   these two expressions.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nft_quota: copy content when cloning expression
  netfilter: nft_last: copy content when cloning expression
  selftests: nft_nat: ensuring the listening side is up before starting the client
====================

Link: https://lore.kernel.org/r/20230301222021.154670-1-pablo@netfilter.orgSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parents f3221361 aabef97a
...@@ -105,11 +105,15 @@ static void nft_last_destroy(const struct nft_ctx *ctx, ...@@ -105,11 +105,15 @@ static void nft_last_destroy(const struct nft_ctx *ctx,
static int nft_last_clone(struct nft_expr *dst, const struct nft_expr *src) static int nft_last_clone(struct nft_expr *dst, const struct nft_expr *src)
{ {
struct nft_last_priv *priv_dst = nft_expr_priv(dst); struct nft_last_priv *priv_dst = nft_expr_priv(dst);
struct nft_last_priv *priv_src = nft_expr_priv(src);
priv_dst->last = kzalloc(sizeof(*priv_dst->last), GFP_ATOMIC); priv_dst->last = kzalloc(sizeof(*priv_dst->last), GFP_ATOMIC);
if (!priv_dst->last) if (!priv_dst->last)
return -ENOMEM; return -ENOMEM;
priv_dst->last->set = priv_src->last->set;
priv_dst->last->jiffies = priv_src->last->jiffies;
return 0; return 0;
} }
......
...@@ -236,12 +236,16 @@ static void nft_quota_destroy(const struct nft_ctx *ctx, ...@@ -236,12 +236,16 @@ static void nft_quota_destroy(const struct nft_ctx *ctx,
static int nft_quota_clone(struct nft_expr *dst, const struct nft_expr *src) static int nft_quota_clone(struct nft_expr *dst, const struct nft_expr *src)
{ {
struct nft_quota *priv_dst = nft_expr_priv(dst); struct nft_quota *priv_dst = nft_expr_priv(dst);
struct nft_quota *priv_src = nft_expr_priv(src);
priv_dst->quota = priv_src->quota;
priv_dst->flags = priv_src->flags;
priv_dst->consumed = kmalloc(sizeof(*priv_dst->consumed), GFP_ATOMIC); priv_dst->consumed = kmalloc(sizeof(*priv_dst->consumed), GFP_ATOMIC);
if (!priv_dst->consumed) if (!priv_dst->consumed)
return -ENOMEM; return -ENOMEM;
atomic64_set(priv_dst->consumed, 0); *priv_dst->consumed = *priv_src->consumed;
return 0; return 0;
} }
......
...@@ -404,6 +404,8 @@ EOF ...@@ -404,6 +404,8 @@ EOF
echo SERVER-$family | ip netns exec "$ns1" timeout 5 socat -u STDIN TCP-LISTEN:2000 & echo SERVER-$family | ip netns exec "$ns1" timeout 5 socat -u STDIN TCP-LISTEN:2000 &
sc_s=$! sc_s=$!
sleep 1
result=$(ip netns exec "$ns0" timeout 1 socat TCP:$daddr:2000 STDOUT) result=$(ip netns exec "$ns0" timeout 1 socat TCP:$daddr:2000 STDOUT)
if [ "$result" = "SERVER-inet" ];then if [ "$result" = "SERVER-inet" ];then
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment