From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 4.14 16/30] netfilter: nft_dynset: add timeout extension to template
Date: Tue, 2 Feb 2021 14:38:57 +0100 [thread overview]
Message-ID: <20210202132942.808449070@linuxfoundation.org> (raw)
In-Reply-To: <20210202132942.138623851@linuxfoundation.org>
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 0c5b7a501e7400869ee905b4f7af3d6717802bcb upstream.
Otherwise, the newly create element shows no timeout when listing the
ruleset. If the set definition does not specify a default timeout, then
the set element only shows the expiration time, but not the timeout.
This is a problem when restoring a stateful ruleset listing since it
skips the timeout policy entirely.
Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nft_dynset.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -205,8 +205,10 @@ static int nft_dynset_init(const struct
nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_EXPR,
priv->expr->ops->size);
if (set->flags & NFT_SET_TIMEOUT) {
- if (timeout || set->timeout)
+ if (timeout || set->timeout) {
+ nft_set_ext_add(&priv->tmpl, NFT_SET_EXT_TIMEOUT);
nft_set_ext_add(&priv->tmpl, NFT_SET_EXT_EXPIRATION);
+ }
}
priv->timeout = timeout;
next prev parent reply other threads:[~2021-02-02 14:15 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-02 13:38 [PATCH 4.14 00/30] 4.14.219-rc1 review Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 01/30] nbd: freeze the queue while were adding connections Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 02/30] ACPI: sysfs: Prefer "compatible" modalias Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 03/30] ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 04/30] wext: fix NULL-ptr-dereference with cfg80211s lack of commit() Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 05/30] net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 06/30] drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 07/30] drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 08/30] KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 09/30] KVM: x86: get smi pending status correctly Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 10/30] xen: Fix XenStore initialisation for XS_LOCAL Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 11/30] leds: trigger: fix potential deadlock with libata Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 12/30] mt7601u: fix kernel crash unplugging the device Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 13/30] mt7601u: fix rx buffer refcounting Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 14/30] xen-blkfront: allow discard-* nodes to be optional Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 15/30] ARM: imx: build suspend-imx6.S with arm instruction set Greg Kroah-Hartman
2021-02-02 13:38 ` Greg Kroah-Hartman [this message]
2021-02-02 13:38 ` [PATCH 4.14 17/30] xfrm: Fix oops in xfrm_replay_advance_bmp Greg Kroah-Hartman
2021-02-02 13:38 ` [PATCH 4.14 18/30] RDMA/cxgb4: Fix the reported max_recv_sge value Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 19/30] iwlwifi: pcie: use jiffies for memory read spin time limit Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 20/30] iwlwifi: pcie: reschedule in long-running memory reads Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 21/30] mac80211: pause TX while changing interface type Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 22/30] can: dev: prevent potential information leak in can_fill_info() Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 23/30] x86/entry/64/compat: Preserve r8-r11 in int $0x80 Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 24/30] x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80" Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 25/30] iommu/vt-d: Gracefully handle DMAR units with no supported address widths Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 26/30] iommu/vt-d: Dont dereference iommu_device if IOMMU_API is not built Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 27/30] NFC: fix resource leak when target index is invalid Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 28/30] NFC: fix possible resource leak Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 29/30] team: protect features update by RCU to avoid deadlock Greg Kroah-Hartman
2021-02-02 13:39 ` [PATCH 4.14 30/30] tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN Greg Kroah-Hartman
2021-02-02 20:21 ` [PATCH 4.14 00/30] 4.14.219-rc1 review Jon Hunter
2021-02-03 9:42 ` Naresh Kamboju
2021-02-03 20:41 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210202132942.808449070@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).