author | Phil Sutter <phil@nwl.cc> | 2019-07-25 17:19:13 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-29 15:17:51 +0200 |
commit | 719940f6f48d98f5b7aebe7562948f2cff6f5cf8 (patch) | |
tree | c96bbc6f279781750603584e0fbfb0b8f43eb55a /iptables/nft.c | |
parent | d76475ce1c30f6c3e3f3ca85964bdfc4425acb81 (diff) |
nft: Set errno in nft_rule_flush()
When trying to flush a non-existent chain, errno gets set in
nft_xtables_config_load(). That is an unintended side-effect and when
support for xtables.conf is later removed, iptables-nft will emit the
generic "Incompatible with this kernel." error message instead of "No
chain/target/match by that name." as it should.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index cd42af70..9f8df541 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1804,8 +1804,10 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table, if (chain) { c = nftnl_chain_list_lookup_byname(list, chain); - if (!c) + if (!c) { + errno = ENOENT; return 0; + } __nft_rule_flush(h, table, chain, verbose, false); flush_rule_cache(c); |
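Review bot: in the new `if (!c) { ... }` branch, `return 0` only produces the intended "No chain/target/match by that name." message if the caller derives its error string from errno, and nothing in the hunk records that dependency. A one-line comment above `errno = ENOENT;` saying that the user-facing message is selected from errno would keep a later cleanup from removing the assignment as dead code. The commit message says the previous behaviour worked only through a side effect in nft_xtables_config_load(), so a regression test that flushes a non-existent chain and checks the emitted message would catch the same mistake if it comes back. The other lookups in this function that can fail are outside the visible context and are worth checking for the same missing errno assignment.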