xtables: more error printing fixes

Check for nft_insert_rule, since nft_add_rule is never set via nft_fn.
Moreover, generalize ELOOP error since there is only one single location
in the kernel code where we can hit this.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 2 insertions, 3 deletions

diff --git a/iptables/nft.c b/iptables/nft.c
index 7fd3c48e..424c9119 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2670,19 +2670,18 @@ const char *nft_strerror(int err)
 	    { nft_chain_user_del, EMLINK,
 	      "Can't delete chain with references left" },
 	    { nft_chain_user_add, EEXIST, "Chain already exists" },
-	    { nft_rule_add, E2BIG, "Index of insertion too big" },
+	    { nft_rule_insert, ENOENT, "Index of insertion too big" },
 	    { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
 	    { nft_rule_replace, ENOENT, "Index of replacement too big" },
 	    { nft_rule_delete_num, ENOENT, "Index of deletion too big" },
 /*	    { TC_READ_COUNTER, E2BIG, "Index of counter too big" },
 	    { TC_ZERO_COUNTER, E2BIG, "Index of counter too big" }, */
-	    { nft_rule_add, ELOOP, "Loop found in table" },
-	    { nft_rule_add, EINVAL, "Target problem" },
 	    /* ENOENT for DELETE probably means no matching rule */
 	    { nft_rule_delete, ENOENT,
 	      "Bad rule (does a matching rule exist in that chain?)" },
 	    { nft_chain_set, ENOENT, "Bad built-in chain name" },
 	    { nft_chain_set, EINVAL, "Bad policy name" },
+	    { NULL, ELOOP, "Loop found in table" },
 	    { NULL, EPERM, "Permission denied (you must be root)" },
 	    { NULL, 0, "Incompatible with this kernel" },
 	    { NULL, ENOPROTOOPT, "iptables who? (do you need to insmod?)" },