Use E2BIG if rule identified by given number is not found. ENOENT is
used if referenced chain is not found. Without this, a command
specifying a non-existing chain in combination with a rule number like
e.g.: 'iptables-nft -I nonexist 23 -j ACCEPT' returns "Index of
insertion too big." instead of "No chain/target/match by that name."
like legacy iptables does.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index c1b8ba3aa4bcf..f42a1be734ba8 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2235,7 +2235,7 @@ int nft_rule_insert(struct nft_handle *h, const char *chain,
return nft_rule_append(h, chain, table, data,
NULL, verbose);
- errno = ENOENT;
+ errno = E2BIG;
goto err;
}
}
@@ -2276,7 +2276,7 @@ int nft_rule_delete_num(struct nft_handle *h, const char *chain,
if (ret < 0)
errno = ENOMEM;
} else
- errno = ENOENT;
+ errno = E2BIG;
return ret;
}
@@ -2304,7 +2304,7 @@ int nft_rule_replace(struct nft_handle *h, const char *chain,
ret = nft_rule_append(h, chain, table, data, r, verbose);
} else
- errno = ENOENT;
+ errno = E2BIG;
return ret;
}
@@ -2985,10 +2985,10 @@ const char *nft_strerror(int err)
{ nft_chain_user_del, EMLINK,
"Can't delete chain with references left" },
{ nft_chain_user_add, EEXIST, "Chain already exists" },
- { nft_rule_insert, ENOENT, "Index of insertion too big" },
+ { nft_rule_insert, E2BIG, "Index of insertion too big" },
{ nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
- { nft_rule_replace, ENOENT, "Index of replacement too big" },
- { nft_rule_delete_num, ENOENT, "Index of deletion too big" },
+ { nft_rule_replace, E2BIG, "Index of replacement too big" },
+ { nft_rule_delete_num, E2BIG, "Index of deletion too big" },
/* { TC_READ_COUNTER, E2BIG, "Index of counter too big" },
{ TC_ZERO_COUNTER, E2BIG, "Index of counter too big" }, */
/* ENOENT for DELETE probably means no matching rule */
--
2.20.1
