authorPhil Sutter <phil@nwl.cc>2018-12-30 20:06:10 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2019-01-11 14:06:33 +0100
commit41358d474357a39d616302c03cd7f943e19969a2 (patch)
treecb298ebb6d8a54ae1ecd2581ea7601e2021f9b19
parent4441b7da7995ed87741164ef39e99f1065eb9637 (diff)
xtables: Set errno in nft_rule_check() if chain not found
With this, the explicit check for chain existence can be removed from xtables.c since all related commands do this now. Note that this effectively changes the error message printed by iptables-nft when given a non-existing chain, but the new error message(s) conform with those printed by legacy iptables. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--iptables/nft.c12
-rw-r--r--iptables/xtables.c4
2 files changed, 7 insertions, 9 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index dafb879e..1ce1ecdd 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2007,17 +2007,19 @@ int nft_rule_check(struct nft_handle *h, const char *chain,
c = nft_chain_find(h, table, chain);
if (!c)
- return 0;
+ goto fail_enoent;
r = nft_rule_find(h, c, data, -1);
- if (r == NULL) {
- errno = ENOENT;
- return 0;
- }
+ if (r == NULL)
+ goto fail_enoent;
+
if (verbose)
h->ops->print_rule(r, 0, FMT_PRINT_RULE);
return 1;
+fail_enoent:
+ errno = ENOENT;
+ return 0;
}
int nft_rule_delete(struct nft_handle *h, const char *chain,
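Review bot: The new `fail_enoent` label in nft_rule_check() makes a missing chain and a missing rule indistinguishable to the caller, because both paths now return 0 with `errno = ENOENT`. The commit message says this is intended to match legacy iptables, so it deserves a comment at the label, for example `/* chain or rule not found: both are reported as ENOENT, as in legacy iptables */`. Without it, a later reader may assume the error text names the missing chain, which matters for scripts that use the check command to decide whether a firewall rule is already in place. The removal of the explicit chain check in xtables.c presumably relies on every other command path setting errno the same way, which this hunk cannot confirm. The body of nft_rule_check() starts above the hunk.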
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 24a6e234..da11e8cc 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1064,10 +1064,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
p->chain);
}
- if (!p->xlate && !nft_chain_exists(h, p->table, p->chain))
- xtables_error(OTHER_PROBLEM,
- "Chain '%s' does not exist", p->chain);
-
if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
!nft_chain_exists(h, p->table, cs->jumpto))
xtables_error(PARAMETER_PROBLEM,