iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: nf_tables: bogus ENOENT when destroying element which does not exist

Browse Source 
[ Upstream commit a7d5a955bfa854ac6b0c53aaf933394b4e6139e4 ]

destroy element command bogusly reports ENOENT in case a set element
does not exist. ENOENT errors are skipped, however, err is still set
and propagated to userspace.

 # nft destroy element ip raw BLACKLIST { 1.2.3.4 }
 Error: Could not process rule: No such file or directory
 destroy element ip raw BLACKLIST { 1.2.3.4 }
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fixes: f80a612dd77c ("netfilter: nf_tables: add support to destroy operation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Pablo Neira Ayuso 2023-11-13 20:34:56 +01:00 committed by Greg Kroah-Hartman
parent 013deed31a
commit f603b616ba
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
net/netfilter/nf_tables_api.c
View File

@ -7205,10 +7205,11 @@ static int nf_tables_delsetelem(struct sk_buff *skb,
if (err < 0) {
NL_SET_BAD_ATTR(extack, attr);
break;
return err;
}
}
return err;
return 0;
}
/*