Message ID | 1625b855afe7a5f5c9029fcf91f549fd3d8b4b3e.1584841602.git.sbrivio@redhat.com |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
Series | nftables: Consistently report partial and entire set overlaps | expand |
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index d1318bdf49ca..51371efe8bf0 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -5077,6 +5077,11 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set, err = -EBUSY; else if (!(nlmsg_flags & NLM_F_EXCL)) err = 0; + } else if (err == -ENOTEMPTY) { + /* ENOTEMPTY reports overlapping between this element + * and an existing one. + */ + err = -EEXIST; } goto err_element_clash; }