netfilter: ctnetlink: do not erase error code with EINVAL

And be consistent in error management for both orig/reply filtering

Fixes: cb8aa9a3affb ("netfilter: ctnetlink: add kernel side filtering for dump")
Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 2663764d0b6eeba368e65f5fc6d1e7fd3689a0db..c7708bde057cb4e054ab0e22cf332058fdf19e5d 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1012,10 +1012,8 @@ ctnetlink_alloc_filter(const struct nlattr * const cda[], u8 family)
                                                   filter->family,
                                                   &filter->zone,
                                                   filter->reply_flags);
-               if (err < 0) {
-                       err = -EINVAL;
+               if (err < 0)
                        goto err_filter;
-               }
        }
 
        return filter;