summaryrefslogtreecommitdiffstats
path: root/iptables
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-10-23 16:59:14 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-10-23 17:24:05 +0200
commit682f39afe64305a820d3d8e186d0a6da893f0f35 (patch)
tree6e95b84f194dcb315466770d293008df40d05c43 /iptables
parent90f7dc3c28a7381ea80aef0b1376d3dd5f1fbf4e (diff)
xtables: Fix for spurious errors from iptables-translate
When aligning iptables-nft error messages with legacy ones, I missed that translate tools shouldn't check for missing or duplicated chains. Introduce a boolean in struct nft_xt_cmd_parse indicating we're "just" translating and do_parse() should skip the checks. Fixes: b6a06c1a215f8 ("xtables: Align return codes with legacy iptables") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables')
-rw-r--r--iptables/nft-shared.h1
-rw-r--r--iptables/xtables-translate.c1
-rw-r--r--iptables/xtables.c6
3 files changed, 5 insertions, 3 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 1281f080..e3ecdb4d 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -233,6 +233,7 @@ struct nft_xt_cmd_parse {
const char *policy;
bool restore;
int verbose;
+ bool xlate;
};
void do_parse(struct nft_handle *h, int argc, char *argv[],
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index f4c0f9cf..849c53f3 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -216,6 +216,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
struct nft_xt_cmd_parse p = {
.table = *table,
.restore = restore,
+ .xlate = true,
};
struct iptables_command_state cs;
struct xtables_args args = {
diff --git a/iptables/xtables.c b/iptables/xtables.c
index e0343dba..0038804e 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1063,16 +1063,16 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
p->chain);
}
- if (!nft_chain_exists(h, p->table, p->chain))
+ if (!p->xlate && !nft_chain_exists(h, p->table, p->chain))
xtables_error(OTHER_PROBLEM,
"Chain '%s' does not exist", cs->jumpto);
- if (!cs->target && strlen(cs->jumpto) > 0 &&
+ if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
!nft_chain_exists(h, p->table, cs->jumpto))
xtables_error(PARAMETER_PROBLEM,
"Chain '%s' does not exist", cs->jumpto);
}
- if (p->command == CMD_NEW_CHAIN &&
+ if (!p->xlate && p->command == CMD_NEW_CHAIN &&
nft_chain_exists(h, p->table, p->chain))
xtables_error(OTHER_PROBLEM, "Chain already exists");
}