author | Phil Sutter <phil@nwl.cc> | 2018-08-31 12:29:57 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-01 10:12:40 +0200 |
commit | b6a06c1a215f867f7eee4a3f2f40ec14028fe186 (patch) | |
tree | a941776217826cb296c2477e403747f8397437a1 /iptables/xtables.c | |
parent | 3bb497c61d743ba811e7f501e54cc5071216e1f5 (diff) |
xtables: Align return codes with legacy iptables
Make sure return codes match legacy ones at least for a few selected
commands typically used to check ruleset state.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/xtables.c')
-rw-r--r-- | iptables/xtables.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 72f65962..313b985b 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -976,6 +976,10 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 if (cs->invert)
 xtables_error(PARAMETER_PROBLEM,
 "unexpected ! flag before --table");
+ if (!nft_table_builtin_find(h, optarg))
+ xtables_error(VERSION_PROBLEM,
+ "table '%s' does not exist",
+ optarg);
 p->table = optarg;
 break;

@@ -1156,12 +1160,18 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 p->chain);
 }

- /*
- * Contrary to what iptables does, we assume that any jumpto
- * is a custom chain jumps (if no target is found). Later on,
- * nf_table will spot the error if the chain does not exists.
- */
+ if (p->chain && !nft_chain_exists(h, p->table, p->chain))
+ xtables_error(OTHER_PROBLEM,
+ "Chain '%s' does not exist", cs->jumpto);
+
+ if (!cs->target && strlen(cs->jumpto) > 0 &&
+ !nft_chain_exists(h, p->table, cs->jumpto))
+ xtables_error(PARAMETER_PROBLEM,
+ "Chain '%s' does not exist", cs->jumpto);
 }
+ if (p->command == CMD_NEW_CHAIN &&
+ nft_chain_exists(h, p->table, p->chain))
+ xtables_error(OTHER_PROBLEM, "Chain already exists");
 }

 int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, |
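Review bot: The `--table` branch in the first hunk now exits with `VERSION_PROBLEM` when `nft_table_builtin_find()` fails, and nothing on the new lines says why a lookup failure is reported under that status. Going by the commit message this is presumably done to mirror the legacy exit status, so a comment above the check would keep a later cleanup from "correcting" it, e.g. `/* legacy iptables reports a missing table as VERSION_PROBLEM; keep that status for callers that test it */`. The comment could also say that only builtin tables pass, as the helper's name suggests. do_parse starts and ends outside this hunk.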
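Review bot: The first added check in the second hunk tests `p->chain` but formats its message with `cs->jumpto`, so the error names the jump target (possibly an empty string) instead of the chain that was not found. The argument should match the condition: `"Chain '%s' does not exist", p->chain);`. As written, anyone using the message to see which chain is missing from the ruleset is pointed at the wrong name. The block enclosing these two checks opens outside the hunk, so which commands reach them cannot be confirmed from here.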