netfilter: ipset: Fix subcounter update skip

commit a164b95ad6055c50612795882f35e0efda1f1390 upstream. If IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE is set, user requested to not update counters in sub sets. Therefore IPSET_FLAG_SKIP_COUNTER_UPDATE must be set, not unset. Fixes: 6e01781d1c80e ("netfilter: ipset: set match: add support to match the counters") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Phil Sutter <phil@nwl.cc> 2020-05-14 13:31:21 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-06-03 08:21:34 +0200
commit: 17021d1b899d4ccc76a09e1867707b653e04a207 (patch)
tree: 64faad041cc46296e2f4c5c9a8467eab9228b899 /net/netfilter/ipset
parent: 25f629a70680a2dc32fafc6bd38bbb2eb048e2bd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
index 67ac50104e6f..63908123f7ba 100644
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -59,7 +59,7 @@ list_set_ktest(struct ip_set *set, const struct sk_buff *skb,
 	/* Don't lookup sub-counters at all */
 	opt->cmdflags &= ~IPSET_FLAG_MATCH_COUNTERS;
 	if (opt->cmdflags & IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE)
-		opt->cmdflags &= ~IPSET_FLAG_SKIP_COUNTER_UPDATE;
+		opt->cmdflags |= IPSET_FLAG_SKIP_COUNTER_UPDATE;
 	list_for_each_entry_rcu(e, &map->members, list) {
 		ret = ip_set_test(e->id, skb, par, opt);
 		if (ret <= 0)
author	Phil Sutter <phil@nwl.cc>	2020-05-14 13:31:21 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-06-03 08:21:34 +0200
commit	17021d1b899d4ccc76a09e1867707b653e04a207 (patch)
tree	64faad041cc46296e2f4c5c9a8467eab9228b899 /net/netfilter/ipset
parent	25f629a70680a2dc32fafc6bd38bbb2eb048e2bd (diff)