diff options
author | Jozsef Kadlecsik | 2013-02-21 04:12:40 -0600 |
---|---|---|
committer | Greg Kroah-Hartman | 2013-05-11 15:53:55 -0500 |
commit | cf75e569817b1311815cafe2ea39110e706479e0 (patch) | |
tree | 11fa63cecb63f242a971654b4ba3d53fec1fbb3c /net | |
parent | bc73e38cee0626945a70cb0c2d873aaae3795130 (diff) | |
download | kernel-video-cf75e569817b1311815cafe2ea39110e706479e0.tar.gz kernel-video-cf75e569817b1311815cafe2ea39110e706479e0.tar.xz kernel-video-cf75e569817b1311815cafe2ea39110e706479e0.zip |
netfilter: ipset: "Directory not empty" error message
commit dd82088dab3646ed28e4aa43d1a5b5d5ffc2afba upstream.
When an entry flagged with "nomatch" was tested by ipset, it
returned the error message "Kernel error received:
Directory not empty" instead of "<element> is NOT in set <setname>"
(reported by John Brendler).
The internal error code was not properly transformed before returning
to userspace, fixed.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 6d6d8f2b033..38ca630eeeb 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c | |||
@@ -1470,7 +1470,8 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb, | |||
1470 | if (ret == -EAGAIN) | 1470 | if (ret == -EAGAIN) |
1471 | ret = 1; | 1471 | ret = 1; |
1472 | 1472 | ||
1473 | return ret < 0 ? ret : ret > 0 ? 0 : -IPSET_ERR_EXIST; | 1473 | return (ret < 0 && ret != -ENOTEMPTY) ? ret : |
1474 | ret > 0 ? 0 : -IPSET_ERR_EXIST; | ||
1474 | } | 1475 | } |
1475 | 1476 | ||
1476 | /* Get headed data of a set */ | 1477 | /* Get headed data of a set */ |