From 63123e24c1b957cfabcfa7708994b0d61447724e Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Sun, 30 Dec 2018 20:06:10 +0100
Subject: [PATCH] xtables: Set errno in nft_rule_check() if chain not found
With this, the explicit check for chain existence can be removed from
xtables.c since all related commands do this now.
Note that this effectively changes the error message printed by
iptables-nft when given a non-existing chain, but the new error
message(s) conform with those printed by legacy iptables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 41358d474357a39d616302c03cd7f943e19969a2)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/nft.c | 12 +++++++-----
iptables/xtables.c | 4 ----
2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index dafb879ebd6f0..1ce1ecdd276be 100644
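--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2007,17 +2007,19 @@ int nft_rule_check(struct nft_handle *h, const char *chain,
 
 c = nft_chain_find(h, table, chain);
 if (!c)
- return 0;
+ goto fail_enoent;
 
 r = nft_rule_find(h, c, data, -1);
- if (r == NULL) {
- errno = ENOENT;
- return 0;
- }
+ if (r == NULL)
+ goto fail_enoent;
+
 if (verbose)
 h->ops->print_rule(r, 0, FMT_PRINT_RULE);
 
 return 1;
+fail_enoent:
+ errno = ENOENT;
+ return 0;
 }
 
 int nft_rule_delete(struct nft_handle *h, const char *chain,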
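Review bot: The shared `fail_enoent` exit makes a missing chain and a missing rule indistinguishable by errno, and nothing at the label says that this is intended. Since the commit also drops the chain-existence guard in xtables.c, this path is now where a check against a non-existent chain gets reported, so I would document it at the label, e.g. `/* chain or rule not found; caller turns ENOENT into the error message */`. A regression test that runs the check command against a non-existent chain and asserts a non-zero exit plus the legacy-style message would keep scripts that gate on rule presence from seeing a false success. nft_rule_check() begins above the hunk, so how errno is treated before these lookups is not visible here.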
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 24a6e234bcf4b..da11e8cc159a0 100644
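--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1064,10 +1064,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 p->chain);
 }
 
- if (!p->xlate && !nft_chain_exists(h, p->table, p->chain))
- xtables_error(OTHER_PROBLEM,
- "Chain '%s' does not exist", p->chain);
-
 if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
 !nft_chain_exists(h, p->table, cs->jumpto))
 xtables_error(PARAMETER_PROBLEM,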
--
2.20.1