Commit a304ea7d authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik Committed by Pablo Neira Ayuso

netfilter: ipset: Support the -exist flag with the destroy command

The -exist flag was supported with the create, add and delete commands.
In order to gracefully handle the destroy command with nonexistent sets,
the -exist flag is added to destroy too.
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 6bbb9ad3
...@@ -1239,10 +1239,12 @@ static int ip_set_destroy(struct net *net, struct sock *ctnl, ...@@ -1239,10 +1239,12 @@ static int ip_set_destroy(struct net *net, struct sock *ctnl,
/* Modified by ip_set_destroy() only, which is serialized */ /* Modified by ip_set_destroy() only, which is serialized */
inst->is_destroyed = false; inst->is_destroyed = false;
} else { } else {
u32 flags = flag_exist(nlh);
s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]), s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
&i); &i);
if (!s) { if (!s) {
ret = -ENOENT; if (!(flags & IPSET_FLAG_EXIST))
ret = -ENOENT;
goto out; goto out;
} else if (s->ref || s->ref_netlink) { } else if (s->ref || s->ref_netlink) {
ret = -IPSET_ERR_BUSY; ret = -IPSET_ERR_BUSY;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment