From df1ef3862761e534c6cec6bd9370285cb5909dd0 Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Mon, 3 Dec 2007 15:32:28 +0000
Subject: Fix showing help text for matches/targets with revision as user

When running as a user iptables can't determine the highest supported
revision and exits. Assume all revision are supported in case we get
a EPERM. If the user is not showing the help text but trying to add
new rules he'll get EPERM later anyway.
---
 xtables.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'xtables.c')

diff --git a/xtables.c b/xtables.c
index 6107119f..3cc864b2 100644
--- a/xtables.c
+++ b/xtables.c
@@ -411,6 +411,15 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
 
 	sockfd = socket(afinfo.family, SOCK_RAW, IPPROTO_RAW);
 	if (sockfd < 0) {
+		if (errno == EPERM) {
+			/* revision 0 is always supported. */
+			if (revision != 0)
+				fprintf(stderr, "Could not determine whether "
+						"revision %u is supported, "
+						"assuming it is.\n",
+					revision);
+			return 1;
+		}
 		fprintf(stderr, "Could not open socket to kernel: %s\n",
 			strerror(errno));
 		exit(1);
-- 
cgit v1.2.3