diff options
| author | Phil Sutter <phil@nwl.cc> | 2020-05-14 13:31:21 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-06-03 08:19:47 +0200 |
| commit | 37bc21bb264b50e2b88c642151979eb6b1ab2620 (patch) | |
| tree | e3e691dce66154af530ef17e8c5c6584c088dbfd /net | |
| parent | f7d8095579241dc357cf127e8f0e3fe543de5318 (diff) | |
| download | linux-37bc21bb264b50e2b88c642151979eb6b1ab2620.tar.gz linux-37bc21bb264b50e2b88c642151979eb6b1ab2620.tar.bz2 linux-37bc21bb264b50e2b88c642151979eb6b1ab2620.zip | |
netfilter: ipset: Fix subcounter update skip
commit a164b95ad6055c50612795882f35e0efda1f1390 upstream.
If IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE is set, user requested to not
update counters in sub sets. Therefore IPSET_FLAG_SKIP_COUNTER_UPDATE
must be set, not unset.
Fixes: 6e01781d1c80e ("netfilter: ipset: set match: add support to match the counters")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/ipset/ip_set_list_set.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c index 8da228da53ae..993ce04e6ea0 100644 --- a/net/netfilter/ipset/ip_set_list_set.c +++ b/net/netfilter/ipset/ip_set_list_set.c @@ -63,7 +63,7 @@ list_set_ktest(struct ip_set *set, const struct sk_buff *skb, /* Don't lookup sub-counters at all */ opt->cmdflags &= ~IPSET_FLAG_MATCH_COUNTERS; if (opt->cmdflags & IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE) - opt->cmdflags &= ~IPSET_FLAG_SKIP_COUNTER_UPDATE; + opt->cmdflags |= IPSET_FLAG_SKIP_COUNTER_UPDATE; list_for_each_entry_rcu(e, &map->members, list) { ret = ip_set_test(e->id, skb, par, opt); if (ret <= 0) |