projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c301f09)
netfilter: nf_tables: bogus ENOENT when destroying element which does not exist
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 13 Nov 2023 19:34:56 +0000 (20:34 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 14 Nov 2023 15:16:21 +0000 (16:16 +0100)
destroy element command bogusly reports ENOENT in case a set element
does not exist. ENOENT errors are skipped, however, err is still set
and propagated to userspace.

 # nft destroy element ip raw BLACKLIST { 1.2.3.4 }
 Error: Could not process rule: No such file or directory
 destroy element ip raw BLACKLIST { 1.2.3.4 }
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fixes: f80a612dd77c ("netfilter: nf_tables: add support to destroy operation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c patch | blob | history

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index a761ee6796f6fa448ba6ce8dbc50b34aaebd8e6b..debea1c67701601c5cf7b1f5a2e2f3c6a7082a10 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7263,10 +7263,11 @@ static int nf_tables_delsetelem(struct sk_buff *skb,
 
                if (err < 0) {
                        NL_SET_BAD_ATTR(extack, attr);
-                       break;
+                       return err;
                }
        }
-       return err;
+
+       return 0;
 }
 
 /*
ep93xx device tree rework repo: git://git.maquefel.me/linux.git