Skip to content

Commit

Permalink
netfilter: nf_tables: bogus ENOENT when destroying element which does…
Browse files Browse the repository at this point in the history 
… not exist

destroy element command bogusly reports ENOENT in case a set element
does not exist. ENOENT errors are skipped, however, err is still set
and propagated to userspace.

 # nft destroy element ip raw BLACKLIST { 1.2.3.4 }
 Error: Could not process rule: No such file or directory
 destroy element ip raw BLACKLIST { 1.2.3.4 }
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fixes: f80a612 ("netfilter: nf_tables: add support to destroy operation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Pablo Neira Ayuso committed Nov 14, 2023
1 parent c301f09 commit a7d5a95
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions net/netfilter/nf_tables_api.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7263,10 +7263,11 @@ static int nf_tables_delsetelem(struct sk_buff *skb,

if (err < 0) {
NL_SET_BAD_ATTR(extack, attr);
break;
return err;
}
}
return err;

return 0;
}

/*
Expand Down

0 comments on commit a7d5a95

Please sign in to comment.