On Tue, Mar 28, 2023 at 02:26:16PM +0200, Phil Sutter wrote:
> If xtables support was compiled in but the required libxtables DSO is
> not found, nft prints an error message and leaks memory:
>
> | counter packets 0 bytes 0 XT target MASQUERADE not found
>
> This is not as bad as it seems, the output combines stdout and stderr.
> Dropping stderr produces an incomplete ruleset listing, though. While
> this seemingly inline output can't easily be avoided, fix a few things:
>
> * Respect octx->error_fp, libnftables might have been configured to
> redirect stderr somewhere else.
> * Align error message formatting with others.
> * Don't return immediately, but free allocated memory and fall back to
> printing the expression in "untranslated" form.
>
> Fixes: 5c30feeee5cfe ("xt: Delay libxtables access until translation")
> Signed-off-by: Phil Sutter <phil@xxxxxx>
Patch applied.
