diff options
author | Phil Sutter <phil@nwl.cc> | 2018-10-23 16:59:14 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-23 17:24:05 +0200 |
commit | 682f39afe64305a820d3d8e186d0a6da893f0f35 (patch) | |
tree | 6e95b84f194dcb315466770d293008df40d05c43 /iptables | |
parent | 90f7dc3c28a7381ea80aef0b1376d3dd5f1fbf4e (diff) |
xtables: Fix for spurious errors from iptables-translate
When aligning iptables-nft error messages with legacy ones, I missed
that translate tools shouldn't check for missing or duplicated chains.
Introduce a boolean in struct nft_xt_cmd_parse indicating we're "just"
translating and do_parse() should skip the checks.
Fixes: b6a06c1a215f8 ("xtables: Align return codes with legacy iptables")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-shared.h | 1 | ||||
-rw-r--r-- | iptables/xtables-translate.c | 1 | ||||
-rw-r--r-- | iptables/xtables.c | 6 |
3 files changed, 5 insertions, 3 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 1281f080..e3ecdb4d 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -233,6 +233,7 @@ struct nft_xt_cmd_parse { const char *policy; bool restore; int verbose; + bool xlate; }; void do_parse(struct nft_handle *h, int argc, char *argv[], diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index f4c0f9cf..849c53f3 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -216,6 +216,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[], struct nft_xt_cmd_parse p = { .table = *table, .restore = restore, + .xlate = true, }; struct iptables_command_state cs; struct xtables_args args = { diff --git a/iptables/xtables.c b/iptables/xtables.c index e0343dba..0038804e 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -1063,16 +1063,16 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], p->chain); } - if (!nft_chain_exists(h, p->table, p->chain)) + if (!p->xlate && !nft_chain_exists(h, p->table, p->chain)) xtables_error(OTHER_PROBLEM, "Chain '%s' does not exist", cs->jumpto); - if (!cs->target && strlen(cs->jumpto) > 0 && + if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 && !nft_chain_exists(h, p->table, cs->jumpto)) xtables_error(PARAMETER_PROBLEM, "Chain '%s' does not exist", cs->jumpto); } - if (p->command == CMD_NEW_CHAIN && + if (!p->xlate && p->command == CMD_NEW_CHAIN && nft_chain_exists(h, p->table, p->chain)) xtables_error(OTHER_PROBLEM, "Chain already exists"); } |