If the chain to rename wasn't found, the function would return -1 which got interpreted as success.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.c | 4 ++--
 iptables/tests/shell/testcases/iptables/0004-return-codes_0 | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index e2a4902448680..28b08ce8e7bdd 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1755,14 +1755,14 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
 c = nft_chain_find(h, table, chain);
 if (c == NULL) {
 errno = ENOENT;
- return -1;
+ return 0;
 }
 handle = nftnl_chain_get_u64(c, NFTNL_CHAIN_HANDLE);
 /* Now prepare the new name for the chain */
 c = nftnl_chain_alloc();
 if (c == NULL)
- return -1;
+ return 0;
 nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table);
 nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)newname);
diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
index 34dffeee4604a..5b6e1f6f1bc7a 100755
--- a/iptables/tests/shell/testcases/iptables/0004-return-codes_0
+++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
@@ -23,6 +23,10 @@ cmd 1 iptables -N foo
 # iptables-nft allows this - bug or feature?
 #cmd 2 iptables -N "invalid name"
+# test chain rename
+cmd 0 iptables -E foo bar
+cmd 1 iptables -E foo bar
+
 # test rule adding
 cmd 0 iptables -A INPUT -j ACCEPT
 cmd 1 iptables -A noexist -j ACCEPT
--
2.19.0
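Review bot: The return convention these two `return 0;` lines now follow (0 for failure, non-zero for success, judging by the commit message) is undocumented and inverts the common C `-1` idiom, which is how the bug crept in; a comment above nft_chain_user_rename() such as `/* Returns non-zero on success, 0 on failure with errno set. */` would keep the next error path from repeating it. The allocation-failure branch `if (c == NULL) return 0;` also relies on nftnl_chain_alloc() having left a meaningful errno, unlike the ENOENT branch; `if (c == NULL) { errno = ENOMEM; return 0; }` would make the two paths consistent. The function starts and ends outside the hunk, so any remaining `-1` returns further down cannot be checked from here. Scripts that manage firewall rules act on the exit status, so a failed rename reported as success leaves them assuming a ruleset state that does not exist.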
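Review bot: The added cases cover only a missing source chain; renaming onto a name that already exists is the other failure a caller can hit and is not exercised. After the two new lines, something like `cmd 0 iptables -N foo` followed by `cmd 1 iptables -E foo bar` would pin it, with the expected code to be confirmed against actual iptables-nft behaviour. The rename also leaves the chain called `bar`, so any later case in this file that refers to `foo` (outside the hunk) would need checking.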