netfilter: nf_tables: set element extended ACK reporting support

commit b53c116642502b0c85ecef78bff4f826a7dd4145 upstream. Report the element that causes problems via netlink extended ACK for set element commands. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-12 12:27:39 +02:00 · 2024-08-12 12:27:39 +02:00 · 466cd07e9a
commit 466cd07e9a
parent bc2bb965ce
1 changed files with 9 additions and 4 deletions
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@ -5354,8 +5354,10 @@ static int nf_tables_getsetelem(struct net *net, struct sock *nlsk,
 	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
 		err = nft_get_set_elem(&ctx, set, attr);
-		if (err < 0)
+		if (err < 0) {
 			NL_SET_BAD_ATTR(extack, attr);
 			break;
 		}
 	}
 	return err;
@ -5848,8 +5850,10 @@ static int nf_tables_newsetelem(struct net *net, struct sock *nlsk,
 	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
 		err = nft_add_set_elem(&ctx, set, attr, nlh->nlmsg_flags);
-		if (err < 0)
+		if (err < 0) {
 			NL_SET_BAD_ATTR(extack, attr);
 			return err;
 		}
 	}
 	if (nft_net->validate_state == NFT_VALIDATE_DO)
@ -6058,9 +6062,10 @@ static int nf_tables_delsetelem(struct net *net, struct sock *nlsk,
 	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
 		err = nft_del_setelem(&ctx, set, attr);
-		if (err < 0)
+		if (err < 0) {
 			NL_SET_BAD_ATTR(extack, attr);
 			break;
-
+		}
 		set->ndeact++;
 	}
 	return err;