summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2023-06-16 15:20:04 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2023-06-20 22:43:40 +0200
commit2b84e215f87443c74ac0aa7f76bb172d43a87033 (patch)
tree67b8eb54749b225c0164da4d084885124a20e945
parent628bd3e49cba1c066228e23d71a852c23e26da73 (diff)
downloadlinux-stable-2b84e215f87443c74ac0aa7f76bb172d43a87033.tar.gz
linux-stable-2b84e215f87443c74ac0aa7f76bb172d43a87033.tar.bz2
linux-stable-2b84e215f87443c74ac0aa7f76bb172d43a87033.zip
netfilter: nft_set_pipapo: .walk does not deal with generations
The .walk callback iterates over the current active set, but it might be useful to iterate over the next generation set. Use the generation mask to determine what set view (either current or next generation) is use for the walk iteration. Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nft_set_pipapo.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index c867b5b772e8..0452ee586c1c 100644
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -1974,12 +1974,16 @@ static void nft_pipapo_walk(const struct nft_ctx *ctx, struct nft_set *set,
struct nft_set_iter *iter)
{
struct nft_pipapo *priv = nft_set_priv(set);
+ struct net *net = read_pnet(&set->net);
struct nft_pipapo_match *m;
struct nft_pipapo_field *f;
int i, r;
rcu_read_lock();
- m = rcu_dereference(priv->match);
+ if (iter->genmask == nft_genmask_cur(net))
+ m = rcu_dereference(priv->match);
+ else
+ m = priv->clone;
if (unlikely(!m))
goto out;