author | Phil Sutter <phil@nwl.cc> | 2019-02-13 11:11:25 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-02-13 20:08:31 +0100 |
commit | 0dbe82362b5cd257162109a29e1f5142fb6f8a09 (patch) | |
tree | d4bfd0925c35c27c17452843bf2e23374748750f | |
parent | c19fa5833a0bc0eb787799634bd26dea91fcdca1 (diff) |
xtables: Fix error messages in commands with rule number
Use E2BIG if rule identified by given number is not found. ENOENT is
used if referenced chain is not found. Without this, a command
specifying a non-existing chain in combination with a rule number like
e.g.: 'iptables-nft -I nonexist 23 -j ACCEPT' returns "Index of
insertion too big." instead of "No chain/target/match by that name."
like legacy iptables does.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/nft.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index c1b8ba3a..f42a1be7 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2235,7 +2235,7 @@ int nft_rule_insert(struct nft_handle *h, const char *chain,
 return nft_rule_append(h, chain, table, data, NULL, verbose);
- errno = ENOENT;
+ errno = E2BIG;
 goto err; } }
@@ -2276,7 +2276,7 @@ int nft_rule_delete_num(struct nft_handle *h, const char *chain,
 if (ret < 0) errno = ENOMEM; } else
- errno = ENOENT;
+ errno = E2BIG;
 return ret; }
@@ -2304,7 +2304,7 @@ int nft_rule_replace(struct nft_handle *h, const char *chain,
 ret = nft_rule_append(h, chain, table, data, r, verbose); } else
- errno = ENOENT;
+ errno = E2BIG;
 return ret; }
@@ -2985,10 +2985,10 @@ const char *nft_strerror(int err)
 { nft_chain_user_del, EMLINK, "Can't delete chain with references left" }, { nft_chain_user_add, EEXIST, "Chain already exists" },
- { nft_rule_insert, ENOENT, "Index of insertion too big" },
+ { nft_rule_insert, E2BIG, "Index of insertion too big" },
 { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
- { nft_rule_replace, ENOENT, "Index of replacement too big" },
- { nft_rule_delete_num, ENOENT, "Index of deletion too big" },
+ { nft_rule_replace, E2BIG, "Index of replacement too big" },
+ { nft_rule_delete_num, E2BIG, "Index of deletion too big" },
 /* { TC_READ_COUNTER, E2BIG, "Index of counter too big" }, { TC_ZERO_COUNTER, E2BIG, "Index of counter too big" }, */ /* ENOENT for DELETE probably means no matching rule */ |
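Review bot: The three `errno = E2BIG;` assignments (here in nft_rule_insert, and in the nft_rule_delete_num and nft_rule_replace hunks) yield the intended message only because the nft_strerror table in the last hunk carries a matching (function, E2BIG) entry, and nothing at the assignment sites records that coupling. I would add a short comment at each site, e.g. `/* rule number out of range; E2BIG must match this function's nft_strerror() entry, ENOENT is kept for a missing chain */`, so a later change to one side does not silently degrade the error text shown to the operator. The enclosing function bodies start and end outside these hunks, so the path that sets ENOENT for a missing chain is not visible here.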
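Review bot: The `else` arm in nft_rule_delete_num is left unbraced while the `if` arm it pairs with is braced (`} else` followed by `errno = E2BIG;`), and nft_rule_replace in the next hunk has the same shape. Bracing both arms, `} else {` / `errno = E2BIG;` / `}`, keeps a second statement added later to the error path from landing outside the branch. Both functions start above their hunks, so the value `ret` carries on this path is not visible; it is worth confirming that it is the failure value whenever errno is set here.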