Commit a304ea7d authored Oct 29, 2020 by Jozsef Kadlecsik Committed by Pablo Neira Ayuso Oct 31, 2020

netfilter: ipset: Support the -exist flag with the destroy command



The -exist flag was supported with the create, add and delete commands.
In order to gracefully handle the destroy command with nonexistent sets,
the -exist flag is added to destroy too.

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 6bbb9ad3

net/netfilter/ipset/ip_set_core.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -1239,9 +1239,11 @@ static int ip_set_destroy(struct net net, struct sock ctnl,
		/* Modified by ip_set_destroy() only, which is serialized */
		inst->is_destroyed = false;
		} else {
		u32 flags = flag_exist(nlh);
		s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
		&i);
		if (!s) {
		if (!(flags & IPSET_FLAG_EXIST))
		ret = -ENOENT;
		goto out;
		} else if (s->ref \|\| s->ref_netlink) {

Admin message