From 276b4dba9aa9d52cafe8df2546050d4591ac5b01 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Sun, 30 Dec 2018 20:06:10 +0100
Subject: [PATCH] xtables: Set errno in nft_rule_check() if chain not found
With this, the explicit check for chain existence can be removed from
xtables.c since all related commands do this now.
Note that this effectively changes the error message printed by
iptables-nft when given a non-existing chain, but the new error
message(s) conform with those printed by legacy iptables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 41358d474357a39d616302c03cd7f943e19969a2)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/nft.c | 12 +++++++-----
iptables/xtables.c | 4 ----
2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index dafb879ebd6f0..1ce1ecdd276be 100644
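--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2007,17 +2007,19 @@ int nft_rule_check(struct nft_handle *h, const char *chain,
 
 c = nft_chain_find(h, table, chain);
 if (!c)
- return 0;
+ goto fail_enoent;
 
 r = nft_rule_find(h, c, data, -1);
- if (r == NULL) {
- errno = ENOENT;
- return 0;
- }
+ if (r == NULL)
+ goto fail_enoent;
+
 if (verbose)
 h->ops->print_rule(r, 0, FMT_PRINT_RULE);
 
 return 1;
+fail_enoent:
+ errno = ENOENT;
+ return 0;
 }
 
 int nft_rule_delete(struct nft_handle *h, const char *chain,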
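Review bot: The missing-chain and missing-rule cases now leave through the same `fail_enoent` label with the same errno, and nothing at the label records that callers can no longer tell the two apart. A short comment above the label would document the contract, for example `/* chain or rule not found: report ENOENT, caller maps it to the user-visible message */`. The xtables.c hunk removes the up-front `nft_chain_exists()` check on the strength of this, so every command path now depends on its own lookup setting errno before returning 0. nft_rule_check begins above the hunk, so any earlier `return 0` that leaves errno untouched cannot be checked from here; if one exists, a stale errno would presumably yield a misleading error message and is worth confirming.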
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 24a6e234bcf4b..da11e8cc159a0 100644
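--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1064,10 +1064,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 p->chain);
 }
 
- if (!p->xlate && !nft_chain_exists(h, p->table, p->chain))
- xtables_error(OTHER_PROBLEM,
- "Chain '%s' does not exist", p->chain);
-
 if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
 !nft_chain_exists(h, p->table, cs->jumpto))
 xtables_error(PARAMETER_PROBLEM,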
--
2.21.0