[iptables PATCH] xtables: Fix for spurious errors from iptables-translate


 



When aligning iptables-nft error messages with legacy ones, I missed
that translate tools shouldn't check for missing or duplicated chains.

Introduce a boolean in struct nft_xt_cmd_parse indicating we're "just"
translating and do_parse() should skip the checks.

Fixes: b6a06c1a215f8 ("xtables: Align return codes with legacy iptables")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-shared.h        | 1 +
 iptables/xtables-translate.c | 1 +
 iptables/xtables.c           | 6 +++---
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 1281f080bc31d..e3ecdb4d23df3 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -233,6 +233,7 @@ struct nft_xt_cmd_parse {
 	const char			*policy;
 	bool				restore;
 	int				verbose;
+	bool				xlate;
 };
 
 void do_parse(struct nft_handle *h, int argc, char *argv[],
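Review bot: The new `xlate` member is added without a comment, so the struct does not say which parser behaviour it switches or who is expected to set it. A trailing comment on that line would cover it, for example `bool xlate; /* translate-only run: do_parse() skips chain existence checks */`. Callers that build the struct with a designated initializer and leave the member out get `false`, so the checks stay in place for them; that default is worth stating in the same comment.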
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index f4c0f9cf5a181..849c53f30e155 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -216,6 +216,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
 	struct nft_xt_cmd_parse p = {
 		.table		= *table,
 		.restore	= restore,
+		.xlate		= true,
 	};
 	struct iptables_command_state cs;
 	struct xtables_args args = {
diff --git a/iptables/xtables.c b/iptables/xtables.c
index e0343dbabf2b3..0038804e288c6 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1063,16 +1063,16 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 					   p->chain);
 		}
 
-		if (!nft_chain_exists(h, p->table, p->chain))
+		if (!p->xlate && !nft_chain_exists(h, p->table, p->chain))
 			xtables_error(OTHER_PROBLEM,
 				      "Chain '%s' does not exist", cs->jumpto);
 
-		if (!cs->target && strlen(cs->jumpto) > 0 &&
+		if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
 		    !nft_chain_exists(h, p->table, cs->jumpto))
 			xtables_error(PARAMETER_PROBLEM,
 				      "Chain '%s' does not exist", cs->jumpto);
 	}
-	if (p->command == CMD_NEW_CHAIN &&
+	if (!p->xlate && p->command == CMD_NEW_CHAIN &&
 	    nft_chain_exists(h, p->table, p->chain))
 		xtables_error(OTHER_PROBLEM, "Chain already exists");
 }
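Review bot: The first guarded check tests `p->chain`, but its error message prints `cs->jumpto`, so a missing chain is reported under the jump target's name (possibly an empty string) rather than the chain that was looked up. That `xtables_error()` call is context in this hunk and the commit leaves it unchanged; passing `p->chain` as the format argument would make the message match the check. Since `!p->xlate` now leads three separate conditions, a one-line comment above the first, such as `/* translate tools don't check for missing or duplicated chains */`, would record why. The enclosing `if` block and the start of do_parse() are outside the hunk.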
-- 
2.19.0



