xtables: Align return codes with legacy iptables

Make sure return codes match legacy ones at least for a few selected
commands typically used to check ruleset state.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

1 files changed, 15 insertions, 5 deletions

diff --git a/iptables/xtables.c b/iptables/xtables.c
index 72f65962..313b985b 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -976,6 +976,10 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 			if (cs->invert)
 				xtables_error(PARAMETER_PROBLEM,
 					   "unexpected ! flag before --table");
+			if (!nft_table_builtin_find(h, optarg))
+				xtables_error(VERSION_PROBLEM,
+					      "table '%s' does not exist",
+					      optarg);
 			p->table = optarg;
 			break;
 
@@ -1156,12 +1160,18 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 					   p->chain);
 		}
 
-		/*
-		 * Contrary to what iptables does, we assume that any jumpto
-		 * is a custom chain jumps (if no target is found). Later on,
-		 * nf_table will spot the error if the chain does not exists.
-		 */
+		if (p->chain && !nft_chain_exists(h, p->table, p->chain))
+			xtables_error(OTHER_PROBLEM,
+				      "Chain '%s' does not exist", cs->jumpto);
+
+		if (!cs->target && strlen(cs->jumpto) > 0 &&
+		    !nft_chain_exists(h, p->table, cs->jumpto))
+			xtables_error(PARAMETER_PROBLEM,
+				      "Chain '%s' does not exist", cs->jumpto);
 	}
+	if (p->command == CMD_NEW_CHAIN &&
+	    nft_chain_exists(h, p->table, p->chain))
+		xtables_error(OTHER_PROBLEM, "Chain already exists");
 }
 
 int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,