[iptables PATCH 3/5] xtables: Fix error messages in commands with rule number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Use E2BIG if rule identified by given number is not found. ENOENT is
used if referenced chain is not found. Without this, a command
specifying a non-existing chain in combination with a rule number like
e.g.: 'iptables-nft -I nonexist 23 -j ACCEPT' returns "Index of
insertion too big." instead of "No chain/target/match by that name."
like legacy iptables does.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index c1b8ba3aa4bcf..f42a1be734ba8 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2235,7 +2235,7 @@ int nft_rule_insert(struct nft_handle *h, const char *chain,
 				return nft_rule_append(h, chain, table, data,
 						       NULL, verbose);
 
-			errno = ENOENT;
+			errno = E2BIG;
 			goto err;
 		}
 	}
@@ -2276,7 +2276,7 @@ int nft_rule_delete_num(struct nft_handle *h, const char *chain,
 		if (ret < 0)
 			errno = ENOMEM;
 	} else
-		errno = ENOENT;
+		errno = E2BIG;
 
 	return ret;
 }
@@ -2304,7 +2304,7 @@ int nft_rule_replace(struct nft_handle *h, const char *chain,
 
 		ret = nft_rule_append(h, chain, table, data, r, verbose);
 	} else
-		errno = ENOENT;
+		errno = E2BIG;
 
 	return ret;
 }
@@ -2985,10 +2985,10 @@ const char *nft_strerror(int err)
 	    { nft_chain_user_del, EMLINK,
 	      "Can't delete chain with references left" },
 	    { nft_chain_user_add, EEXIST, "Chain already exists" },
-	    { nft_rule_insert, ENOENT, "Index of insertion too big" },
+	    { nft_rule_insert, E2BIG, "Index of insertion too big" },
 	    { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
-	    { nft_rule_replace, ENOENT, "Index of replacement too big" },
-	    { nft_rule_delete_num, ENOENT, "Index of deletion too big" },
+	    { nft_rule_replace, E2BIG, "Index of replacement too big" },
+	    { nft_rule_delete_num, E2BIG, "Index of deletion too big" },
 /*	    { TC_READ_COUNTER, E2BIG, "Index of counter too big" },
 	    { TC_ZERO_COUNTER, E2BIG, "Index of counter too big" }, */
 	    /* ENOENT for DELETE probably means no matching rule */
-- 
2.20.1




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux