When trying to list a non-existent chain, ebtables-nft would just print the table header and then exit with a code of zero. In order to be more consistent with legacy ebtables, change the code to: * Print table header only if chosen chain is found and * propagate the error condition if chain was not found to print an error message. Note that this does not establish full parity with legacy ebtables due to the error code being 1 instead of 255 and the error message differing from the legacy one. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft.c | 10 +++++++--- iptables/xtables-eb.c | 2 -- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index 8a84998b961a7..ad4f61bbd49ac 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2323,7 +2323,7 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, if (iter == NULL) goto err; - if (ops->print_table_header) + if (!chain && ops->print_table_header) ops->print_table_header(table); c = nftnl_chain_list_iter_next(iter); @@ -2347,8 +2347,12 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, if (strcmp(table, chain_table) != 0) goto next; - if (chain && strcmp(chain, chain_name) != 0) - goto next; + if (chain) { + if (strcmp(chain, chain_name) != 0) + goto next; + else if (ops->print_table_header) + ops->print_table_header(table); + } refs -= nft_rule_count(h, chain_name, table); diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c index a46b9e5a9113b..534714de7999a 100644 --- a/iptables/xtables-eb.c +++ b/iptables/xtables-eb.c @@ -1294,8 +1294,6 @@ check_extension: /*flags&OPT_EXPANDED*/0, flags&LIST_N, flags&LIST_C); - if (!(flags & OPT_ZERO)) - exit(0); } if (flags & OPT_ZERO) { selected_chain = zerochain; -- 2.18.0