netfilter: ipset: Support the -exist flag with the destroy command

The -exist flag was supported with the create, add and delete commands. In order to gracefully handle the destroy command with nonexistent sets, the -exist flag is added to destroy too. Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Jozsef Kadlecsik <kadlec@netfilter.org> 2020-10-29 16:39:47 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-10-31 11:54:26 +0100
commit: a304ea7daf542b1e4a136be80bc973fc713e6ca6 (patch)
tree: 595df5259c3f6febb7ad16f8f0dd421588330dd6 /net/netfilter/ipset
parent: netfilter: nft_reject: add reject verdict support for netdev (diff)
download: linux-dev-a304ea7daf542b1e4a136be80bc973fc713e6ca6.tar.xz
linux-dev-a304ea7daf542b1e4a136be80bc973fc713e6ca6.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 6f35832f0de3..e3c00dacec5c 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1239,10 +1239,12 @@ static int ip_set_destroy(struct net *net, struct sock *ctnl,
 		/* Modified by ip_set_destroy() only, which is serialized */
 		inst->is_destroyed = false;
 	} else {
+		u32 flags = flag_exist(nlh);
 		s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
 				    &i);
 		if (!s) {
-			ret = -ENOENT;
+			if (!(flags & IPSET_FLAG_EXIST))
+				ret = -ENOENT;
 			goto out;
 		} else if (s->ref || s->ref_netlink) {
 			ret = -IPSET_ERR_BUSY;
author	Jozsef Kadlecsik <kadlec@netfilter.org>	2020-10-29 16:39:47 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-10-31 11:54:26 +0100
commit	a304ea7daf542b1e4a136be80bc973fc713e6ca6 (patch)
tree	595df5259c3f6febb7ad16f8f0dd421588330dd6 /net/netfilter/ipset
parent	netfilter: nft_reject: add reject verdict support for netdev (diff)
download	linux-dev-a304ea7daf542b1e4a136be80bc973fc713e6ca6.tar.xz linux-dev-a304ea7daf542b1e4a136be80bc973fc713e6ca6.zip