diff options
| author | Jozsef Kadlecsik <kadlec@netfilter.org> | 2020-10-29 16:39:47 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-10-31 11:54:26 +0100 |
| commit | a304ea7daf542b1e4a136be80bc973fc713e6ca6 (patch) | |
| tree | 595df5259c3f6febb7ad16f8f0dd421588330dd6 /net | |
| parent | 6bbb9ad36c93d3a422de862b78bd5330b44b3fa4 (diff) | |
| download | lwn-a304ea7daf542b1e4a136be80bc973fc713e6ca6.tar.gz lwn-a304ea7daf542b1e4a136be80bc973fc713e6ca6.zip | |
netfilter: ipset: Support the -exist flag with the destroy command
The -exist flag was supported with the create, add and delete commands.
In order to gracefully handle the destroy command with nonexistent sets,
the -exist flag is added to destroy too.
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 6f35832f0de3..e3c00dacec5c 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1239,10 +1239,12 @@ static int ip_set_destroy(struct net *net, struct sock *ctnl, /* Modified by ip_set_destroy() only, which is serialized */ inst->is_destroyed = false; } else { + u32 flags = flag_exist(nlh); s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]), &i); if (!s) { - ret = -ENOENT; + if (!(flags & IPSET_FLAG_EXIST)) + ret = -ENOENT; goto out; } else if (s->ref || s->ref_netlink) { ret = -IPSET_ERR_BUSY; |