diff options
author | Patrick McHardy <kaber@trash.net> | 2015-04-05 14:41:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-08 16:58:26 +0200 |
commit | 4a8678efbec6b0ea46baafb77cd297e6e02da933 (patch) | |
tree | 063e366b74841c5b17af92b18b953889f8f74d64 | |
parent | a1e67951e6c0b11bb11c256f8e1c45ed51fcd760 (diff) |
netfilter: nf_tables: fix set selection when timeouts are requested
The NFT_SET_TIMEOUT flag is ignore in nft_select_set_ops, which may
lead to selection of a set implementation that doesn't actually
support timeouts.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/nf_tables_api.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 3aa92b3f85fd..0dab872e821b 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2159,7 +2159,7 @@ nft_select_set_ops(const struct nlattr * const nla[], features = 0; if (nla[NFTA_SET_FLAGS] != NULL) { features = ntohl(nla_get_be32(nla[NFTA_SET_FLAGS])); - features &= NFT_SET_INTERVAL | NFT_SET_MAP; + features &= NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_TIMEOUT; } bops = NULL; |