summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--iptables/nft.c12
-rw-r--r--libxtables/xtables.c7
2 files changed, 15 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 041e1b8c..d011d7c8 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3514,10 +3514,16 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt)
err:
mnl_socket_close(nl);
- /* pretend revision 0 is valid if not permitted to check -
- * this is required for printing extension help texts as user */
- if (ret < 0 && errno == EPERM && rev == 0)
+ /* pretend revision 0 is valid -
+ * this is required for printing extension help texts as user, also
+ * helps error messaging on unavailable kernel extension */
+ if (ret < 0 && rev == 0) {
+ if (errno != EPERM)
+ fprintf(stderr,
+ "Warning: Extension %s revision 0 not supported, missing kernel module?\n",
+ name);
return 1;
+ }
return ret < 0 ? 0 : 1;
}
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index b34d62ac..87424d04 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -958,7 +958,12 @@ int xtables_compatible_revision(const char *name, uint8_t revision, int opt)
/* Definitely don't support this? */
if (errno == ENOENT || errno == EPROTONOSUPPORT) {
close(sockfd);
- return 0;
+ /* Pretend revision 0 support for better error messaging */
+ if (revision == 0)
+ fprintf(stderr,
+ "Warning: Extension %s revision 0 not supported, missing kernel module?\n",
+ name);
+ return (revision == 0);
} else if (errno == ENOPROTOOPT) {
close(sockfd);
/* Assume only revision 0 support (old kernel) */