
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix bogus error report in selftests/netfilter/nft_nat.sh,
from Hangbin Liu.

2) Initialize last and quota expressions from template when
expr_ops::clone is called, otherwise, states are not restored
accordingly when loading a dynamic set with elements using
these two expressions.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: nft_quota: copy content when cloning expression
netfilter: nft_last: copy content when cloning expression
selftests: nft_nat: ensuring the listening side is up before starting the client
====================

Link: https://lore.kernel.org/r/20230301222021.154670-1-pablo@netfilter.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

+11 -1
+4
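--- a/net/netfilter/nft_last.c
+++ b/net/netfilter/nft_last.c
@@ -105,10 +105,14 @@
 static int nft_last_clone(struct nft_expr *dst, const struct nft_expr *src)
 {
 struct nft_last_priv *priv_dst = nft_expr_priv(dst);
+struct nft_last_priv *priv_src = nft_expr_priv(src);
 
 priv_dst->last = kzalloc(sizeof(*priv_dst->last), GFP_ATOMIC);
 if (!priv_dst->last)
 return -ENOMEM;
+
+priv_dst->last->set = priv_src->last->set;
+priv_dst->last->jiffies = priv_src->last->jiffies;
 
 return 0;
 }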
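Review bot: The two new copies dereference `priv_src->last` unconditionally and read `set` and `jiffies` with plain loads, and nothing in this function shows that the source state is non-NULL or quiescent when the clone runs. If the expression's eval path can update the source concurrently (not visible in this hunk), the reads would be safer as `priv_dst->last->set = READ_ONCE(priv_src->last->set);` and `priv_dst->last->jiffies = READ_ONCE(priv_src->last->jiffies);`. If the invariant is that every source expression has already passed init or clone successfully, a comment above the copies such as `/* src->last is always allocated by init/clone; carry its state over so restored elements keep their timestamp */` would make that assumption explicit for the next reader.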
+5 -1
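--- a/net/netfilter/nft_quota.c
+++ b/net/netfilter/nft_quota.c
@@ -236,12 +236,16 @@
 static int nft_quota_clone(struct nft_expr *dst, const struct nft_expr *src)
 {
 struct nft_quota *priv_dst = nft_expr_priv(dst);
+struct nft_quota *priv_src = nft_expr_priv(src);
+
+priv_dst->quota = priv_src->quota;
+priv_dst->flags = priv_src->flags;
 
 priv_dst->consumed = kmalloc(sizeof(*priv_dst->consumed), GFP_ATOMIC);
 if (!priv_dst->consumed)
 return -ENOMEM;
 
-atomic64_set(priv_dst->consumed, 0);
+*priv_dst->consumed = *priv_src->consumed;
 
 return 0;
 }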
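Review bot: The replacement line `*priv_dst->consumed = *priv_src->consumed;` copies the counter by plain struct assignment, although the line it replaces called `atomic64_set()` on the same object, so `consumed` is an atomic64_t that is otherwise handled through the atomic API. Going through the accessors, `atomic64_set(priv_dst->consumed, atomic64_read(priv_src->consumed));`, keeps the read of the source well-defined on configurations where a 64-bit atomic is not a single plain load, should the source be live while it is cloned. The same question applies to `priv_dst->quota = priv_src->quota;` if `quota` is also an atomic64_t, which this hunk does not show. Because the consumed value is what enforces the limit, a short comment stating that clone deliberately carries the consumed count over instead of restarting from zero would also help.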
+2
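--- a/tools/testing/selftests/netfilter/nft_nat.sh
+++ b/tools/testing/selftests/netfilter/nft_nat.sh
@@ -404,6 +404,8 @@
 echo SERVER-$family | ip netns exec "$ns1" timeout 5 socat -u STDIN TCP-LISTEN:2000 &
 sc_s=$!
 
+sleep 1
+
 result=$(ip netns exec "$ns0" timeout 1 socat TCP:$daddr:2000 STDOUT)
 
 if [ "$result" = "SERVER-inet" ];then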
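Review bot: The added `sleep 1` is a fixed guess at how long the backgrounded `socat ... TCP-LISTEN:2000` needs to bind, so the client on the following line can still race the listener on a slow or loaded test machine, while every normal run pays the full second. Polling for the listening socket inside `$ns1` with a bounded retry, for example looping on `ip netns exec "$ns1" ss -ltn | grep -q ':2000 '` with a short sleep between attempts, would make the ordering deterministic. The enclosing function starts and ends outside this hunk, so whether the script already has a helper for this cannot be seen from here.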