From: Phil Sutter <phil@nwl.cc>
Date: Tue, 24 May 2022 12:50:01 +0000 (+0200)
Subject: netfilter: nft_limit: Clone packet limits' cost value
X-Git-Tag: v5.15.148~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=42d46178488918b4001923cd44f460cc13d6059d;p=thirdparty%2Fkernel%2Fstable.git

netfilter: nft_limit: Clone packet limits' cost value

commit 558254b0b602b8605d7246a10cfeb584b1fcabfc upstream.

When cloning a packet-based limit expression, copy the cost value as
well. Otherwise the new limit is not functional anymore.

Fixes: 3b9e2ea6c11bf ("netfilter: nft_limit: move stateful fields out of expression data")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c
index 56b51f1ef1ebe..593fa07f10d5e 100644
--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@@ -218,6 +218,8 @@ static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src
 	struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst);
 	struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src);
 
+	priv_dst->cost = priv_src->cost;
+
 	return nft_limit_clone(&priv_dst->limit, &priv_src->limit);
 }