From: Patrick McHardy <kaber@xxxxxxxxx>
Does not serve any useful purpose, simply remove it. Also return an
error if neither a handle nor NLM_F_CREATE is specified.
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
net/netfilter/nf_tables_api.c | 31 +++++++++++++------------------
1 Datei geändert, 13 Zeilen hinzugefügt(+), 18 Zeilen entfernt(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index afda73f..bacd417 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1363,26 +1363,21 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
if (nla[NFTA_RULE_HANDLE]) {
handle = be64_to_cpu(nla_get_be64(nla[NFTA_RULE_HANDLE]));
rule = __nf_tables_rule_lookup(chain, handle);
- if (IS_ERR(rule)) {
- if (PTR_ERR(rule) != -ENOENT)
- return PTR_ERR(rule);
- rule = NULL;
- }
+ if (IS_ERR(rule))
+ return PTR_ERR(rule);
- if (rule != NULL) {
- if (nlh->nlmsg_flags & NLM_F_EXCL)
- return -EEXIST;
- if (nlh->nlmsg_flags & NLM_F_REPLACE) {
- old_rule = rule;
- rule = NULL;
- } else
- return 0;
- }
- } else
+ if (nlh->nlmsg_flags & NLM_F_EXCL)
+ return -EEXIST;
+ if (nlh->nlmsg_flags & NLM_F_REPLACE) {
+ old_rule = rule;
+ rule = NULL;
+ } else
+ return 0;
+ } else {
+ if (!create)
+ return -EINVAL;
handle = nf_tables_alloc_handle(table);
-
- if (handle == 0)
- return -EINVAL;
+ }
n = 0;
size = 0;
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
