ebtables: Fix for listing of non-existent chains

When trying to list a non-existent chain, ebtables-nft would just print
the table header and then exit with a code of zero. In order to be more
consistent with legacy ebtables, change the code to:

* Print table header only if chosen chain is found and
* propagate the error condition if chain was not found to print an error
  message.

Note that this does not establish full parity with legacy ebtables due
to the error code being 1 instead of 255 and the error message differing
from the legacy one.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 7 insertions, 5 deletions

diff --git a/iptables/nft.c b/iptables/nft.c
index 8a84998b..ad4f61bb 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2323,7 +2323,7 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
 	if (iter == NULL)
 		goto err;
 
-	if (ops->print_table_header)
+	if (!chain && ops->print_table_header)
 		ops->print_table_header(table);
 
 	c = nftnl_chain_list_iter_next(iter);
@@ -2347,8 +2347,12 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
 
 		if (strcmp(table, chain_table) != 0)
 			goto next;
-		if (chain && strcmp(chain, chain_name) != 0)
-			goto next;
+		if (chain) {
+			if (strcmp(chain, chain_name) != 0)
+				goto next;
+			else if (ops->print_table_header)
+				ops->print_table_header(table);
+		}
 
 		refs -= nft_rule_count(h, chain_name, table);
 
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index a46b9e5a..534714de 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -1294,8 +1294,6 @@ check_extension:
 				 /*flags&OPT_EXPANDED*/0,
 				 flags&LIST_N,
 				 flags&LIST_C);
-		if (!(flags & OPT_ZERO))
-			exit(0);
 	}
 	if (flags & OPT_ZERO) {
 		selected_chain = zerochain;