When running iptables -nL as non-root user, iptables would loop indefinitely. With this change, it will fail with iptables v1.8.3 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)
Reported-by: Amish <anon.amish@xxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 iptables/nft.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index e927d1db2b42..8f0d5e664eca 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -82,13 +82,19 @@ out:
 	return MNL_CB_ERROR;
 }
 
-static int mnl_genid_get(struct nft_handle *h, uint32_t *genid)
+static void mnl_genid_get(struct nft_handle *h, uint32_t *genid)
 {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
+	int ret;
 
 	nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETGEN, 0, 0, h->seq);
-	return mnl_talk(h, nlh, genid_cb, genid);
+	ret = mnl_talk(h, nlh, genid_cb, genid);
+	if (ret == 0)
+		return;
+
+	xtables_error(RESOURCE_PROBLEM, "Could not fetch rule set generation id: %s\n", nft_strerror(errno));
 }
 
 int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
-- 
2.21.0
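Review bot: The new xtables_error call in mnl_genid_get reports whatever errno holds after mnl_talk() returns non-zero, but a failure that originates in genid_cb (which returns MNL_CB_ERROR from the `out:` label at the top of the hunk) does not visibly set errno, so the printed reason could be stale or "Success" rather than the real cause; the body of mnl_talk lies outside the hunk, so whether it normalises errno cannot be confirmed here. Clearing it first, `errno = 0;` immediately before `ret = mnl_talk(h, nlh, genid_cb, genid);`, or mapping errno == 0 to a fixed "unknown error" text would keep the message trustworthy. If xtables_error already terminates its message with a newline, as libxtables' default handler does, the trailing `\n` in the format string will also produce an extra blank line, so it is worth checking against the other xtables_error formats in this file. Since the function now aborts instead of returning a status, a short comment on the definition such as `/* Aborts via xtables_error() on failure; the caller never sees an error return. */` would make the changed contract visible to its callers, which are outside this hunk.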