From cb368b6f6f58bf04ad2bf3316b8e1ddf5389e3f9 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 29 May 2018 10:20:47 +0200
Subject: xtables: more error printing fixes

Check for nft_insert_rule, since nft_add_rule is never set via nft_fn. Moreover, generalize ELOOP error since there is only one single location in the kernel code where we can hit this.

Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'iptables')

diff --git a/iptables/nft.c b/iptables/nft.c
index 7fd3c48e..424c9119 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2670,19 +2670,18 @@ const char *nft_strerror(int err)
 { nft_chain_user_del, EMLINK, "Can't delete chain with references left" },
 { nft_chain_user_add, EEXIST, "Chain already exists" },
- { nft_rule_add, E2BIG, "Index of insertion too big" },
+ { nft_rule_insert, ENOENT, "Index of insertion too big" },
 { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
 { nft_rule_replace, ENOENT, "Index of replacement too big" },
 { nft_rule_delete_num, ENOENT, "Index of deletion too big" },
 /* { TC_READ_COUNTER, E2BIG, "Index of counter too big" },
 { TC_ZERO_COUNTER, E2BIG, "Index of counter too big" }, */
- { nft_rule_add, ELOOP, "Loop found in table" },
- { nft_rule_add, EINVAL, "Target problem" },
 /* ENOENT for DELETE probably means no matching rule */
 { nft_rule_delete, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
 { nft_chain_set, ENOENT, "Bad built-in chain name" },
 { nft_chain_set, EINVAL, "Bad policy name" },
+ { NULL, ELOOP, "Loop found in table" },
 { NULL, EPERM, "Permission denied (you must be root)" },
 { NULL, 0, "Incompatible with this kernel" },
 { NULL, ENOPROTOOPT, "iptables who? (do you need to insmod?)" },
-- 
cgit v1.2.3
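Review bot: The errno switch from E2BIG to ENOENT on the `nft_rule_insert` line is not explained in the commit message, which only covers the function key, and ENOENT is an ambiguous code to pin to "Index of insertion too big". If an insert can also fail with ENOENT for another reason (a missing chain or table, say; not visible in this hunk), the user is told the index is wrong when the object is absent. I would document the assumption next to the entry, as the DELETE entry below does: `/* ENOENT for INSERT: no rule at the requested index; chain existence is checked earlier */`, confirming the second half against the caller. Similarly, `{ NULL, ELOOP, ... }` presumably matches every caller like the neighbouring `{ NULL, EPERM, ... }` entry, so it deserves a short comment naming the single kernel location the message relies on. The lookup loop of nft_strerror lies outside the hunk, so the wildcard behaviour of NULL is inferred.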