diff options
author | Phil Sutter <phil@nwl.cc> | 2022-05-04 11:19:16 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-05-11 12:18:51 +0200 |
commit | 8468fd4f7c85c21ab375402bc80d0188412b6cbf (patch) | |
tree | d6409b177f85585d16bc3a3e4109c26867ea7c61 /iptables/nft.c | |
parent | ce9195c6e2fa6c6daa3c34b94353a539237b3809 (diff) |
nft: Fix EPERM handling for extensions without rev 0
Treating revision 0 as compatible in EPERM case works fine as long as
there is a revision 0 of that extension defined in DSO. Fix the code for
others: Extend the EPERM handling to all revisions and keep the existing
warning for revision 0.
Fixes: 17534cb18ed0a ("Improve error messages for unsupported extensions")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 07653ee1..ec79f2bc 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -3555,15 +3555,18 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt) err: mnl_socket_close(nl); - /* pretend revision 0 is valid - + /* ignore EPERM and errors for revision 0 - * this is required for printing extension help texts as user, also * helps error messaging on unavailable kernel extension */ - if (ret < 0 && rev == 0) { - if (errno != EPERM) + if (ret < 0) { + if (errno == EPERM) + return 1; + if (rev == 0) { fprintf(stderr, "Warning: Extension %s revision 0 not supported, missing kernel module?\n", name); - return 1; + return 1; + } } return ret < 0 ? 0 : 1; |