diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-04-05 08:41:05 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-08 10:58:26 -0400 |
| commit | 4a8678efbec6b0ea46baafb77cd297e6e02da933 (patch) | |
| tree | 063e366b74841c5b17af92b18b953889f8f74d64 | |
| parent | a1e67951e6c0b11bb11c256f8e1c45ed51fcd760 (diff) | |
netfilter: nf_tables: fix set selection when timeouts are requested
The NFT_SET_TIMEOUT flag is ignore in nft_select_set_ops, which may
lead to selection of a set implementation that doesn't actually
support timeouts.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 3aa92b3f85fd..0dab872e821b 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -2159,7 +2159,7 @@ nft_select_set_ops(const struct nlattr * const nla[], | |||
| 2159 | features = 0; | 2159 | features = 0; |
| 2160 | if (nla[NFTA_SET_FLAGS] != NULL) { | 2160 | if (nla[NFTA_SET_FLAGS] != NULL) { |
| 2161 | features = ntohl(nla_get_be32(nla[NFTA_SET_FLAGS])); | 2161 | features = ntohl(nla_get_be32(nla[NFTA_SET_FLAGS])); |
| 2162 | features &= NFT_SET_INTERVAL | NFT_SET_MAP; | 2162 | features &= NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_TIMEOUT; |
| 2163 | } | 2163 | } |
| 2164 | 2164 | ||
| 2165 | bops = NULL; | 2165 | bops = NULL; |