netfilter: nft_limit: Clone packet limits' cost value

When cloning a packet-based limit expression, copy the cost value as
well. Otherwise the new limit is not functional anymore.

Fixes: 3b9e2ea6c11bf ("netfilter: nft_limit: move stateful fields out of expression data")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c
index 04ea8b9..981addb 100644 (file)
--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@@ -213,6 +213,8 @@ static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src
        struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst);
        struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src);
 
+       priv_dst->cost = priv_src->cost;
+
        return nft_limit_clone(&priv_dst->limit, &priv_src->limit);
 }