netfilter: ipset: Fix subcounter update skip
If IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE is set, user requested to not
update counters in sub sets. Therefore IPSET_FLAG_SKIP_COUNTER_UPDATE
must be set, not unset.
Fixes: 6e01781d1c
("netfilter: ipset: set match: add support to match the counters")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
e9c284ec4b
commit
a164b95ad6
@ -59,7 +59,7 @@ list_set_ktest(struct ip_set *set, const struct sk_buff *skb,
|
|||||||
/* Don't lookup sub-counters at all */
|
/* Don't lookup sub-counters at all */
|
||||||
opt->cmdflags &= ~IPSET_FLAG_MATCH_COUNTERS;
|
opt->cmdflags &= ~IPSET_FLAG_MATCH_COUNTERS;
|
||||||
if (opt->cmdflags & IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE)
|
if (opt->cmdflags & IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE)
|
||||||
opt->cmdflags &= ~IPSET_FLAG_SKIP_COUNTER_UPDATE;
|
opt->cmdflags |= IPSET_FLAG_SKIP_COUNTER_UPDATE;
|
||||||
list_for_each_entry_rcu(e, &map->members, list) {
|
list_for_each_entry_rcu(e, &map->members, list) {
|
||||||
ret = ip_set_test(e->id, skb, par, opt);
|
ret = ip_set_test(e->id, skb, par, opt);
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
|
Loading…
Reference in New Issue
Block a user