Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 61fbbac2 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Greg Kroah-Hartman
Browse files

netfilter: nf_tables: set element extended ACK reporting support 



commit b53c116642502b0c85ecef78bff4f826a7dd4145 upstream.

Report the element that causes problems via netlink extended ACK for set
element commands.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 9dd6e529

net/netfilter/nf_tables_api.c

+9 −4
Original line number Diff line number Diff line
@@ -4523,9 +4523,11 @@ static int nf_tables_getsetelem(struct net *net, struct sock *nlsk, 


	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {

		err = nft_get_set_elem(&ctx, set, attr);

		if (err < 0)

		if (err < 0) {

			NL_SET_BAD_ATTR(extack, attr);

			break;

		}

	}



	return err;

}
@@ -4902,9 +4904,11 @@ static int nf_tables_newsetelem(struct net *net, struct sock *nlsk, 


	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {

		err = nft_add_set_elem(&ctx, set, attr, nlh->nlmsg_flags);

		if (err < 0)

		if (err < 0) {

			NL_SET_BAD_ATTR(extack, attr);

			return err;

		}

	}



	if (nft_net->validate_state == NFT_VALIDATE_DO)

		return nft_table_validate(net, ctx.table);
@@ -5103,9 +5107,10 @@ static int nf_tables_delsetelem(struct net *net, struct sock *nlsk, 


	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {

		err = nft_del_setelem(&ctx, set, attr);

		if (err < 0)

		if (err < 0) {

			NL_SET_BAD_ATTR(extack, attr);

			break;



		}

		set->ndeact++;

	}

	return err;