netfilter: nft_dynset: relax superfluous check on set updates

commit 7b1394892de8d95748d05e3ee41e85edb4abbfa1 upstream. Relax this condition to make add and update commands idempotent for sets with no timeout. The eval function already checks if the set element timeout is available and updates it if the update command is used. Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-06-13 04:01:59 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-06-16 14:23:43 +0300
commit: 79e98cd78610560a6a6cf85200eb31331602f9a9 (patch)
tree: f15c4c0f8407d0884effd12be8b37aef21179ab5 /net
parent: c5c4746c8cd6d049dcbf39c811172c917ea6fb6e (diff)
download: linux-79e98cd78610560a6a6cf85200eb31331602f9a9.tar.xz
1 files changed, 1 insertions, 9 deletions
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 04ca3afe70dc..1cc6f4602575 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -154,16 +154,8 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
 		return -EBUSY;
 
 	priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP]));
-	switch (priv->op) {
-	case NFT_DYNSET_OP_ADD:
-		break;
-	case NFT_DYNSET_OP_UPDATE:
-		if (!(set->flags & NFT_SET_TIMEOUT))
-			return -EOPNOTSUPP;
-		break;
-	default:
+	if (priv->op > NFT_DYNSET_OP_UPDATE)
 		return -EOPNOTSUPP;
-	}
 
 	timeout = 0;
 	if (tb[NFTA_DYNSET_TIMEOUT] != NULL) {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-06-13 04:01:59 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-06-16 14:23:43 +0300
commit	79e98cd78610560a6a6cf85200eb31331602f9a9 (patch)
tree	f15c4c0f8407d0884effd12be8b37aef21179ab5 /net
parent	c5c4746c8cd6d049dcbf39c811172c917ea6fb6e (diff)
download	linux-79e98cd78610560a6a6cf85200eb31331602f9a9.tar.xz