iptables-compat: homogenize error messages

There are some differences between error messages in iptables and
iptables-compat:

 # iptables -C INPUT -s 192.168.2.102 -j ACCEPT
iptables: Bad rule (does a matching rule exist in that chain?).
 # iptables-compat -C INPUT -s 192.168.2.102 -j ACCEPT
iptables: No chain/target/match by that name.

 # iptables -N new_chain
 # iptables -N new_chain
iptables: Chain already exists.
 # iptables-compat -N new_chain
 # iptables-compat -N new_chain
iptables: File exists.

Now, iptables-compat shows the same error messages than iptables in
those cases.

Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 4 insertions, 0 deletions

diff --git a/iptables/nft.c b/iptables/nft.c
index 5492a8fd..6cb03a0d 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1298,6 +1298,8 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 	struct nft_chain *c;
 	int ret;
 
+	nft_fn = nft_chain_user_add;
+
 	/* If built-in chains don't exist for this table, create them */
 	if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
 		nft_xt_builtin_init(h, table);
@@ -2350,10 +2352,12 @@ const char *nft_strerror(int err)
 	  {
 	    { nft_chain_user_del, ENOTEMPTY, "Chain is not empty" },
 	    { nft_chain_user_del, EINVAL, "Can't delete built-in chain" },
+	    { nft_chain_user_del, EBUSY, "Directory not empty" },
 	    { nft_chain_user_del, EMLINK,
 	      "Can't delete chain with references left" },
 	    { nft_chain_user_add, EEXIST, "Chain already exists" },
 	    { nft_rule_add, E2BIG, "Index of insertion too big" },
+	    { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
 	    { nft_rule_replace, E2BIG, "Index of replacement too big" },
 	    { nft_rule_delete_num, E2BIG, "Index of deletion too big" },
 /*	    { TC_READ_COUNTER, E2BIG, "Index of counter too big" },