netfilter: nft_dynset: relax superfluous check on set updates

[ Upstream commit 7b1394892de8d95748d05e3ee41e85edb4abbfa1 ] Relax this condition to make add and update commands idempotent for sets with no timeout. The eval function already checks if the set element timeout is available and updates it if the update command is used. Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-09-25 22:40:26 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-11-17 09:48:36 +0100
commit: 73dd601bec0dec9d762d6caf049fdf7983b72e72 (patch)
tree: f36eccdc78a5503fc35292e441117cda196ab33f /net
parent: 62f6260f706583c27277db5e76606adfe4a0b012 (diff)
1 files changed, 1 insertions, 10 deletions
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 95415d2b81c9..6fdea0e57db8 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -164,17 +164,8 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
 		return -EBUSY;
 
 	priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP]));
-	switch (priv->op) {
-	case NFT_DYNSET_OP_ADD:
-	case NFT_DYNSET_OP_DELETE:
-		break;
-	case NFT_DYNSET_OP_UPDATE:
-		if (!(set->flags & NFT_SET_TIMEOUT))
-			return -EOPNOTSUPP;
-		break;
-	default:
+	if (priv->op > NFT_DYNSET_OP_DELETE)
 		return -EOPNOTSUPP;
-	}
 
 	timeout = 0;
 	if (tb[NFTA_DYNSET_TIMEOUT] != NULL) {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-09-25 22:40:26 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-11-17 09:48:36 +0100
commit	73dd601bec0dec9d762d6caf049fdf7983b72e72 (patch)
tree	f36eccdc78a5503fc35292e441117cda196ab33f /net
parent	62f6260f706583c27277db5e76606adfe4a0b012 (diff)