armbian/linux-rockchip
0
0
Fork 0
mirror of https://github.com/armbian/linux-rockchip.git synced 2026-01-06 11:08:10 -08:00
Code Issues Packages Projects Releases Wiki Activity

netfilter: nft_dynset: relax superfluous check on set updates

Browse Source 
[ Upstream commit 7b1394892d ]

Relax this condition to make add and update commands idempotent for sets
with no timeout. The eval function already checks if the set element
timeout is available and updates it if the update command is used.

Fixes: 22fe54d5fe ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Pablo Neira Ayuso
2021-09-25 22:40:26 +02:00
committed by Greg Kroah-Hartman
parent af756be29c
commit 740a794e01
1 changed files with 1 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
net/netfilter/nft_dynset.c
View File

@@ -141,17 +141,8 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
return -EBUSY;
priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP]));
switch (priv->op) {
case NFT_DYNSET_OP_ADD:
case NFT_DYNSET_OP_DELETE:
break;
case NFT_DYNSET_OP_UPDATE:
if (!(set->flags & NFT_SET_TIMEOUT))
return -EOPNOTSUPP;
break;
default:
if (priv->op > NFT_DYNSET_OP_DELETE)
return -EOPNOTSUPP;
}
timeout = 0;
if (tb[NFTA_DYNSET_TIMEOUT] != NULL) {