diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-25 22:40:26 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-10-07 19:53:15 +0200 |
| commit | 7b1394892de8d95748d05e3ee41e85edb4abbfa1 (patch) | |
| tree | 3fa440e9560040c5cb90c1cea5f61045793b2ec0 /net/netfilter/nft_dynset.c | |
| parent | ipvs: add sysctl_run_estimation to support disable estimation (diff) | |
| download | linux-dev-7b1394892de8d95748d05e3ee41e85edb4abbfa1.tar.xz linux-dev-7b1394892de8d95748d05e3ee41e85edb4abbfa1.zip | |
netfilter: nft_dynset: relax superfluous check on set updates
Relax this condition to make add and update commands idempotent for sets
with no timeout. The eval function already checks if the set element
timeout is available and updates it if the update command is used.
Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_dynset.c')
| -rw-r--r-- | net/netfilter/nft_dynset.c | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c index 6ba3256fa844..87f3af4645d9 100644 --- a/net/netfilter/nft_dynset.c +++ b/net/netfilter/nft_dynset.c @@ -198,17 +198,8 @@ static int nft_dynset_init(const struct nft_ctx *ctx, return -EBUSY; priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP])); - switch (priv->op) { - case NFT_DYNSET_OP_ADD: - case NFT_DYNSET_OP_DELETE: - break; - case NFT_DYNSET_OP_UPDATE: - if (!(set->flags & NFT_SET_TIMEOUT)) - return -EOPNOTSUPP; - break; - default: + if (priv->op > NFT_DYNSET_OP_DELETE) return -EOPNOTSUPP; - } timeout = 0; if (tb[NFTA_DYNSET_TIMEOUT] != NULL) { |