Commit dd82088d authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik

netfilter: ipset: "Directory not empty" error message

When an entry flagged with "nomatch" was tested by ipset, it
returned the error message "Kernel error received:
Directory not empty" instead of "<element> is NOT in set <setname>"
(reported by John Brendler).

The internal error code was not properly transformed before returning
to userspace, fixed.
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent cf1c4a09
......@@ -1470,7 +1470,8 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb,
if (ret == -EAGAIN)
ret = 1;
return ret < 0 ? ret : ret > 0 ? 0 : -IPSET_ERR_EXIST;
return (ret < 0 && ret != -ENOTEMPTY) ? ret :
ret > 0 ? 0 : -IPSET_ERR_EXIST;
}
/* Get headed data of a set */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment