Display the following error in such case: ruleset.nft:7:9-52: Error: Chain "input" already exists in table ip 'filter' with different declaration type filter hook postrouting priority filter; ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ instead of reporting a misleading unsupported chain type. Fixes: 573788e05363 ("src: improve error reporting for unsupported chain type") Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/cmd.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/cmd.c b/src/cmd.c
index 14cb1b5172cd..d6b1d844ed8d 100644
--- a/src/cmd.c
+++ b/src/cmd.c
@@ -256,7 +256,8 @@ static void nft_cmd_enoent(struct netlink_ctx *ctx, const struct cmd *cmd,
 static int nft_cmd_chain_error(struct netlink_ctx *ctx, struct cmd *cmd,
 struct mnl_err *err)
 {
- struct chain *chain = cmd->chain;
+ struct chain *chain = cmd->chain, *existing_chain;
+ const struct table *table;
 int priority;

 switch (err->err) {
@@ -270,6 +271,18 @@ static int nft_cmd_chain_error(struct netlink_ctx *ctx, struct cmd *cmd,
 return netlink_io_error(ctx, &chain->priority.loc,
 "Chains of type \"nat\" must have a priority value above -200");

+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name, cmd->handle.family);
+ if (table) {
+ existing_chain = chain_cache_find(table, cmd->handle.chain.name);
+ if (existing_chain && existing_chain != chain &&
+ !strcmp(existing_chain->handle.chain.name, chain->handle.chain.name))
+ return netlink_io_error(ctx, &chain->loc,
+ "Chain \"%s\" already exists in table %s '%s' with different declaration",
+ chain->handle.chain.name,
+ family2str(table->handle.family), table->handle.table.name);
+ }
+
 return netlink_io_error(ctx, &chain->loc,
 "Chain of type \"%s\" is not supported, perhaps kernel support is missing?",
 chain->type.str);
-- 
2.30.2
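Review bot: In the second hunk, the new branch reports "different declaration" for any cached chain with the same name, without comparing type, hook or priority, so the message is an inference from the errno plus the cache contents rather than a verified difference. A short comment above `table = table_cache_find(...)` would make that explicit, e.g. `/* same errno as a missing chain type: if the name is already cached, assume a conflicting redeclaration */`. The `!strcmp(existing_chain->handle.chain.name, chain->handle.chain.name)` test looks redundant if chain_cache_find() already matches on name, and the lookup keys on `cmd->handle.chain.name` while the comparison and the message use `chain->handle.chain.name`; taking the name from one place would be clearer. When the cache has no entry for the table or chain at this point, the old "not supported" message is still printed, so it is worth confirming how the cache is populated for this command. The body of nft_cmd_chain_error starts and ends outside the hunk.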