diff options
-rw-r--r-- | iptables/nft.c | 12 | ||||
-rw-r--r-- | libxtables/xtables.c | 7 |
2 files changed, 15 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 041e1b8c..d011d7c8 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -3514,10 +3514,16 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt) err: mnl_socket_close(nl); - /* pretend revision 0 is valid if not permitted to check - - * this is required for printing extension help texts as user */ - if (ret < 0 && errno == EPERM && rev == 0) + /* pretend revision 0 is valid - + * this is required for printing extension help texts as user, also + * helps error messaging on unavailable kernel extension */ + if (ret < 0 && rev == 0) { + if (errno != EPERM) + fprintf(stderr, + "Warning: Extension %s revision 0 not supported, missing kernel module?\n", + name); return 1; + } return ret < 0 ? 0 : 1; } diff --git a/libxtables/xtables.c b/libxtables/xtables.c index b34d62ac..87424d04 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -958,7 +958,12 @@ int xtables_compatible_revision(const char *name, uint8_t revision, int opt) /* Definitely don't support this? */ if (errno == ENOENT || errno == EPROTONOSUPPORT) { close(sockfd); - return 0; + /* Pretend revision 0 support for better error messaging */ + if (revision == 0) + fprintf(stderr, + "Warning: Extension %s revision 0 not supported, missing kernel module?\n", + name); + return (revision == 0); } else if (errno == ENOPROTOOPT) { close(sockfd); /* Assume only revision 0 support (old kernel) */ |