From 276b4dba9aa9d52cafe8df2546050d4591ac5b01 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Sun, 30 Dec 2018 20:06:10 +0100
Subject: [PATCH] xtables: Set errno in nft_rule_check() if chain not found
With this, the explicit check for chain existence can be removed from
xtables.c since all related commands do this now.
Note that this effectively changes the error message printed by
iptables-nft when given a non-existing chain, but the new error
message(s) conform with those printed by legacy iptables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 41358d474357a39d616302c03cd7f943e19969a2)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/nft.c | 12 +++++++-----
iptables/xtables.c | 4 ----
2 files changed, 7 insertions(+), 9 deletions(-)
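diff --git a/iptables/nft.c b/iptables/nft.c
index dafb879ebd6f0..1ce1ecdd276be 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2007,17 +2007,19 @@ int nft_rule_check(struct nft_handle *h, const char *chain,
 
 c = nft_chain_find(h, table, chain);
 if (!c)
- return 0;
+ goto fail_enoent;
 
 r = nft_rule_find(h, c, data, -1);
- if (r == NULL) {
- errno = ENOENT;
- return 0;
- }
+ if (r == NULL)
+ goto fail_enoent;
+
 if (verbose)
 h->ops->print_rule(r, 0, FMT_PRINT_RULE);
 
 return 1;
+fail_enoent:
+ errno = ENOENT;
+ return 0;
 }
 
 int nft_rule_delete(struct nft_handle *h, const char *chain,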
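Review bot: Both failure paths in nft_rule_check() now jump to `fail_enoent` and set the same `errno = ENOENT`, so a caller can no longer tell a missing chain from a missing rule. If the user-visible message is selected from errno (that lookup is not visible in this hunk), a check against a non-existing chain would print the same text as a rule that is simply absent. Any errno that nft_chain_find() or nft_rule_find() may have set themselves is also overwritten at the label. A one-line comment there would record the intent, e.g. `/* neither the chain nor a matching rule was found */`. The function begins outside the hunk, so the declarations of `c`, `r` and `table` are not shown.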
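diff --git a/iptables/xtables.c b/iptables/xtables.c
index 24a6e234bcf4b..da11e8cc159a0 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1064,10 +1064,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 p->chain);
 }
 
- if (!p->xlate && !nft_chain_exists(h, p->table, p->chain))
- xtables_error(OTHER_PROBLEM,
- "Chain '%s' does not exist", p->chain);
-
 if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
 !nft_chain_exists(h, p->table, cs->jumpto))
 xtables_error(PARAMETER_PROBLEM,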
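Review bot: With the early `nft_chain_exists(h, p->table, p->chain)` check removed from do_parse(), a non-existing chain is reported only if each command handler fails and sets errno itself. This page shows that only for nft_rule_check(); for the other commands it rests on the commit message. A handler that returns 0 without touching errno would make the tool print a message derived from a stale errno. A regression test per chain-taking command, asserting a non-zero exit status and the expected message, would pin this down, since firewall automation commonly branches on that status. A comment in place of the removed check would also help, e.g. `/* existence of p->chain is verified by the nft_* command handlers, which set errno */`. do_parse() starts and ends outside the hunk.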
--
2.21.0