Commit 044c8bf7 authored Mar 02, 2023 by Paolo Abeni

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix bogus error report in selftests/netfilter/nft_nat.sh,
   from Hangbin Liu.

2) Initialize last and quota expressions from template when
   expr_ops::clone is called, otherwise, states are not restored
   accordingly when loading a dynamic set with elements using
   these two expressions.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nft_quota: copy content when cloning expression
  netfilter: nft_last: copy content when cloning expression
  selftests: nft_nat: ensuring the listening side is up before starting the client
====================

Link: https://lore.kernel.org/r/20230301222021.154670-1-pablo@netfilter.org


Signed-off-by: Paolo Abeni <pabeni@redhat.com>

parents f3221361 aabef97a

net/netfilter/nft_last.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -105,11 +105,15 @@ static void nft_last_destroy(const struct nft_ctx *ctx,
		static int nft_last_clone(struct nft_expr dst, const struct nft_expr src)
		{
		struct nft_last_priv *priv_dst = nft_expr_priv(dst);
		struct nft_last_priv *priv_src = nft_expr_priv(src);

		priv_dst->last = kzalloc(sizeof(*priv_dst->last), GFP_ATOMIC);
		if (!priv_dst->last)
		return -ENOMEM;

		priv_dst->last->set = priv_src->last->set;
		priv_dst->last->jiffies = priv_src->last->jiffies;

		return 0;
		}

net/netfilter/nft_quota.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -236,12 +236,16 @@ static void nft_quota_destroy(const struct nft_ctx *ctx,
		static int nft_quota_clone(struct nft_expr dst, const struct nft_expr src)
		{
		struct nft_quota *priv_dst = nft_expr_priv(dst);
		struct nft_quota *priv_src = nft_expr_priv(src);

		priv_dst->quota = priv_src->quota;
		priv_dst->flags = priv_src->flags;

		priv_dst->consumed = kmalloc(sizeof(*priv_dst->consumed), GFP_ATOMIC);
		if (!priv_dst->consumed)
		return -ENOMEM;

		atomic64_set(priv_dst->consumed, 0);
		priv_dst->consumed = priv_src->consumed;

		return 0;
		}

tools/testing/selftests/netfilter/nft_nat.sh

+2 −0

Original line number	Diff line number	Diff line
		@@ -404,6 +404,8 @@ EOF
		echo SERVER-$family \| ip netns exec "$ns1" timeout 5 socat -u STDIN TCP-LISTEN:2000 &
		sc_s=$!

		sleep 1

		result=$(ip netns exec "$ns0" timeout 1 socat TCP:$daddr:2000 STDOUT)

		if [ "$result" = "SERVER-inet" ];then