From 39f6689b39c4f4600b8373a130b67d228b97b1e1 Mon Sep 17 00:00:00 2001
From: Ainar Garipov <a.garipov@adguard.com>
Date: Mon, 1 Feb 2021 20:44:15 +0300
Subject: [PATCH] Pull request: dnsforward: add a crutch against einval for
 ipset

Merge in DNS/adguard-home from fix-ipset to master

Squashed commit of the following:

commit 18538b0276a0896ad7d99bd0edd1604af80e790f
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Feb 1 20:30:13 2021 +0300

    dnsforward: add a crutch against einval for ipset
---
 internal/dnsforward/dnsforward.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/internal/dnsforward/dnsforward.go b/internal/dnsforward/dnsforward.go
index 78777002..3384f6cb 100644
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -200,15 +200,19 @@ func (s *Server) Prepare(config *ServerConfig) error {
 	// --
 	err := s.ipset.init(s.conf.IPSETList)
 	if err != nil {
-		if !errors.Is(err, os.ErrPermission) {
+		if !errors.Is(err, os.ErrInvalid) && !errors.Is(err, os.ErrPermission) {
 			return fmt.Errorf("cannot initialize ipset: %w", err)
 		}
 
 		// ipset cannot currently be initialized if the server was
 		// installed from Snap or when the user or the binary doesn't
-		// have the required permissions.
+		// have the required permissions, or when the kernel doesn't
+		// support netfilter.
 		//
 		// Log and go on.
+		//
+		// TODO(a.garipov): The Snap problem can probably be solved if
+		// we add the netlink-coinnector interface plug.
 		log.Error("cannot initialize ipset: %s", err)
 	}