Support the -exist flag with the destroy command

The -exist flag was supported with the create, add and delete commands.
In order to gracefully handle the destroy command with nonexistent sets,
the -exist flag is added to destroy too.

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>

diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 6fa31079ddd1f2aba55ce289258cc3c8e219544b..6e80fb4a8bc13e40c2ece0bd5c5530546ab5b995 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1259,10 +1259,12 @@ IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl,
                /* Modified by ip_set_destroy() only, which is serialized */
                inst->is_destroyed = false;
        } else {
+               u32 flags = flag_exist(nlh);
                s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
                                    &i);
                if (!s) {
-                       ret = -ENOENT;
+                       if (!(flags & IPSET_FLAG_EXIST))
+                               ret = -ENOENT;
                        goto out;
                } else if (s->ref || s->ref_netlink) {
                        ret = -IPSET_ERR_BUSY;

diff --git a/lib/mnl.c b/lib/mnl.c
index cc5124d1d2a6bd680438a34da026f4d8fb94326b..d1f5ba5e23b290562132f03cd7e8247700a4fd7b 100644 (file)
--- a/lib/mnl.c
+++ b/lib/mnl.c
@@ -34,7 +34,7 @@ struct ipset_handle {
 static const uint16_t cmdflags[] = {
        [IPSET_CMD_CREATE-1]    = NLM_F_REQUEST|NLM_F_ACK|
                                        NLM_F_CREATE|NLM_F_EXCL,
-       [IPSET_CMD_DESTROY-1]   = NLM_F_REQUEST|NLM_F_ACK,
+       [IPSET_CMD_DESTROY-1]   = NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL,
        [IPSET_CMD_FLUSH-1]     = NLM_F_REQUEST|NLM_F_ACK,
        [IPSET_CMD_RENAME-1]    = NLM_F_REQUEST|NLM_F_ACK,
        [IPSET_CMD_SWAP-1]      = NLM_F_REQUEST|NLM_F_ACK,