netfilter: nft_last: copy content when cloning expression

If the ruleset contains last timestamps, restore them accordingly. Otherwise, listing after restoration shows never used items. Fixes: 33a24de ("netfilter: nft_last: move stateful fields out of expression data") Signed-off-by: Pablo Neira Ayuso <[email protected]>
kawasaki · Mar 1, 2023 · 860e874 · 860e874
1 parent 2067e7a
commit 860e874
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/net/netfilter/nft_last.c b/net/netfilter/nft_last.c
@@ -105,11 +105,15 @@ static void nft_last_destroy(const struct nft_ctx *ctx,
 static int nft_last_clone(struct nft_expr *dst, const struct nft_expr *src)
 {
 	struct nft_last_priv *priv_dst = nft_expr_priv(dst);
+	struct nft_last_priv *priv_src = nft_expr_priv(src);
 
 	priv_dst->last = kzalloc(sizeof(*priv_dst->last), GFP_ATOMIC);
 	if (!priv_dst->last)
 		return -ENOMEM;
 
+	priv_dst->last->set = priv_src->last->set;
+	priv_dst->last->jiffies = priv_src->last->jiffies;
+
 	return 0;
 }