netfilter: nft_dynset: relax superfluous check on set updates

Relax this condition to make add and update commands idempotent for sets with no timeout. The eval function already checks if the set element timeout is available and updates it if the update command is used. Fixes: 22fe54d5 ("netfilter: nf_tables: add support for dynamic set updates") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nft_dynset: relax superfluous check on set updates
Relax this condition to make add and update commands idempotent for sets with no timeout. The eval function already checks if the set element timeout is available and updates it if the update command is used. Fixes: 22fe54d5 ("netfilter: nf_tables: add support for dynamic set updates") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
7b139489 · Pablo Neira Ayuso · 2232642e · 7b139489
Commit 7b139489 authored Sep 25, 2021 by Pablo Neira Ayuso
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 10 deletions

net/netfilter/nft_dynset.c net/netfilter/nft_dynset.c +1 -10

No files found.
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -198,17 +198,8 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
 		return -EBUSY;
 	priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP]));
-	switch (priv->op) {
+	if (priv->op > NFT_DYNSET_OP_DELETE)
-	case NFT_DYNSET_OP_ADD:
-	case NFT_DYNSET_OP_DELETE:
-		break;
-	case NFT_DYNSET_OP_UPDATE:
-		if (!(set->flags & NFT_SET_TIMEOUT))
-			return -EOPNOTSUPP;
-		break;
-	default:
 		return -EOPNOTSUPP;
-	}
 	timeout = 0;
 	if (tb[NFTA_DYNSET_TIMEOUT] != NULL) {