From 682f39afe64305a820d3d8e186d0a6da893f0f35 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 23 Oct 2018 16:59:14 +0200
Subject: xtables: Fix for spurious errors from iptables-translate

When aligning iptables-nft error messages with legacy ones, I missed
that translate tools shouldn't check for missing or duplicated chains.

Introduce a boolean in struct nft_xt_cmd_parse indicating we're "just"
translating and do_parse() should skip the checks.

Fixes: b6a06c1a215f8 ("xtables: Align return codes with legacy iptables")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/xtables.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'iptables/xtables.c')

diff --git a/iptables/xtables.c b/iptables/xtables.c
index e0343dba..0038804e 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1063,16 +1063,16 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 					   p->chain);
 		}
 
-		if (!nft_chain_exists(h, p->table, p->chain))
+		if (!p->xlate && !nft_chain_exists(h, p->table, p->chain))
 			xtables_error(OTHER_PROBLEM,
 				      "Chain '%s' does not exist", cs->jumpto);
 
-		if (!cs->target && strlen(cs->jumpto) > 0 &&
+		if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
 		    !nft_chain_exists(h, p->table, cs->jumpto))
 			xtables_error(PARAMETER_PROBLEM,
 				      "Chain '%s' does not exist", cs->jumpto);
 	}
-	if (p->command == CMD_NEW_CHAIN &&
+	if (!p->xlate && p->command == CMD_NEW_CHAIN &&
 	    nft_chain_exists(h, p->table, p->chain))
 		xtables_error(OTHER_PROBLEM, "Chain already exists");
 }
-- 
cgit v1.2.3