author | Florian Westphal <fw@strlen.de> | 2019-07-14 10:49:28 +0200 |
committer | Florian Westphal <fw@strlen.de> | 2019-07-15 12:26:36 +0200 |
commit | e5cab728c40be88c541f68e4601d39178c36111f (patch) | |
tree | b38dc7111501a000ed652e59487a87ed2137796a | |
parent | 5f5399f11345eebd21d5596bd39d8aed9cfccc52 (diff) |
nft: exit in case we can't fetch current genid
When running iptables -nL as non-root user, iptables would loop indefinitely.
With this change, it will fail with
iptables v1.8.3 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)
Reported-by: Amish <anon.amish@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/nft.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index e927d1db..8f0d5e66 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -82,13 +82,19 @@ out:
 return MNL_CB_ERROR;
 }

-static int mnl_genid_get(struct nft_handle *h, uint32_t *genid)
+static void mnl_genid_get(struct nft_handle *h, uint32_t *genid)
 {
 char buf[MNL_SOCKET_BUFFER_SIZE];
 struct nlmsghdr *nlh;
+ int ret;

 nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETGEN, 0, 0, h->seq);
- return mnl_talk(h, nlh, genid_cb, genid);
+ ret = mnl_talk(h, nlh, genid_cb, genid);
+ if (ret == 0)
+ return;
+
+ xtables_error(RESOURCE_PROBLEM,
+ "Could not fetch rule set generation id: %s\n", nft_strerror(errno));
 }

 int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh, |
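Review bot: Turning mnl_genid_get() from `static int` into `static void` removes the failure signal from the interface without documenting that the function now terminates the process instead; a reader of the new signature cannot tell that the error path on the last added lines never returns. Since the diffstat shows only this hunk, the callers outside it presumably already discarded the old return value (consistent with the reported endless loop), but that should be confirmed rather than assumed, and a one-line header would make the contract explicit: `/* Fetch the current rule-set generation id into *genid; on failure this exits via xtables_error() and does not return. */`. A smaller point of style: the `ret` temporary only feeds one comparison, so `if (mnl_talk(h, nlh, genid_cb, genid) == 0) return;` reads the same without the extra local, and if the xtables_error() handler appends its own newline (as libxtables' basic_exit_err does) the trailing `\n` in the format string produces a blank line after the message. Note also that a successful mnl_talk() that never invoked genid_cb would leave *genid untouched; genid_cb and the callers lie outside the hunk, so whether callers initialise genid beforehand cannot be checked here.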