This fixes
# iptables-compat -X test4345
iptables: No chain/target/match by that name.
# iptables-compat -N test4345
# iptables-compat -N test4345
iptables: File exists.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
iptables/nft.c | 22 ++++++----------------
1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index ad4e5f9..6686a9b 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -187,17 +187,6 @@ static ssize_t mnl_nft_socket_sendmsg(const struct mnl_socket *nl)
return ret;
}
-static int cb_err(const struct nlmsghdr *nlh, void *data)
-{
- /* We can provide better error reporting than iptables-restore */
- errno = EINVAL;
- return MNL_CB_ERROR;
-}
-
-static mnl_cb_t cb_ctl_array[NLMSG_MIN_TYPE] = {
- [NLMSG_ERROR] = cb_err,
-};
-
static int mnl_nft_batch_talk(struct nft_handle *h)
{
int ret, fd = mnl_socket_get_fd(h->nl);
@@ -226,11 +215,11 @@ static int mnl_nft_batch_talk(struct nft_handle *h)
if (ret == -1)
return -1;
- ret = mnl_cb_run2(rcv_buf, ret, 0, h->portid,
- NULL, NULL, cb_ctl_array,
- MNL_ARRAY_SIZE(cb_ctl_array));
- /* Continue on error, make sure we get all acknoledgments */
- if (ret == -1)
+ ret = mnl_cb_run(rcv_buf, ret, 0, h->portid, NULL, NULL);
+ /* Annotate first error and continue, make sure we get all
+ * acknoledgments.
+ */
+ if (!err && ret == -1)
err = errno;
ret = select(fd+1, &readfds, NULL, NULL, &tv);
@@ -240,6 +229,7 @@ static int mnl_nft_batch_talk(struct nft_handle *h)
FD_ZERO(&readfds);
FD_SET(fd, &readfds);
}
+ errno = err;
return err ? -1 : 0;
}
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
