diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-29 10:20:47 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-29 10:26:22 +0200 |
commit | cb368b6f6f58bf04ad2bf3316b8e1ddf5389e3f9 (patch) | |
tree | 2ff3d86564551c37611fc7e254b2e533b38fa695 | |
parent | b1b828ff23e5d35d13daa3bf67071fb515e5c86f (diff) |
xtables: more error printing fixes
Check for nft_insert_rule, since nft_add_rule is never set via nft_fn.
Moreover, generalize ELOOP error since there is only one single location
in the kernel code where we can hit this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/nft.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 7fd3c48e..424c9119 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2670,19 +2670,18 @@ const char *nft_strerror(int err) { nft_chain_user_del, EMLINK, "Can't delete chain with references left" }, { nft_chain_user_add, EEXIST, "Chain already exists" }, - { nft_rule_add, E2BIG, "Index of insertion too big" }, + { nft_rule_insert, ENOENT, "Index of insertion too big" }, { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" }, { nft_rule_replace, ENOENT, "Index of replacement too big" }, { nft_rule_delete_num, ENOENT, "Index of deletion too big" }, /* { TC_READ_COUNTER, E2BIG, "Index of counter too big" }, { TC_ZERO_COUNTER, E2BIG, "Index of counter too big" }, */ - { nft_rule_add, ELOOP, "Loop found in table" }, - { nft_rule_add, EINVAL, "Target problem" }, /* ENOENT for DELETE probably means no matching rule */ { nft_rule_delete, ENOENT, "Bad rule (does a matching rule exist in that chain?)" }, { nft_chain_set, ENOENT, "Bad built-in chain name" }, { nft_chain_set, EINVAL, "Bad policy name" }, + { NULL, ELOOP, "Loop found in table" }, { NULL, EPERM, "Permission denied (you must be root)" }, { NULL, 0, "Incompatible with this kernel" }, { NULL, ENOPROTOOPT, "iptables who? (do you need to insmod?)" }, |