diff options
author | Patrick McHardy <kaber@trash.net> | 2015-04-05 14:41:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-08 16:58:26 +0200 |
commit | 4a8678efbec6b0ea46baafb77cd297e6e02da933 (patch) | |
tree | 063e366b74841c5b17af92b18b953889f8f74d64 /net | |
parent | netfilter: bridge: make BRNF_PKT_TYPE flag a bool (diff) | |
download | linux-4a8678efbec6b0ea46baafb77cd297e6e02da933.tar.xz linux-4a8678efbec6b0ea46baafb77cd297e6e02da933.zip |
netfilter: nf_tables: fix set selection when timeouts are requested
The NFT_SET_TIMEOUT flag is ignore in nft_select_set_ops, which may
lead to selection of a set implementation that doesn't actually
support timeouts.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 3aa92b3f85fd..0dab872e821b 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2159,7 +2159,7 @@ nft_select_set_ops(const struct nlattr * const nla[], features = 0; if (nla[NFTA_SET_FLAGS] != NULL) { features = ntohl(nla_get_be32(nla[NFTA_SET_FLAGS])); - features &= NFT_SET_INTERVAL | NFT_SET_MAP; + features &= NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_TIMEOUT; } bops = NULL; |