xtables: Fix error message for chain renaming

If the new name already exists, legacy iptables prints "File exists.".
This is a bit exotic, but more appropriate than "No chain/target/match
by that name." printed by iptables-nft without this patch.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index f42a1be734ba8c94f0f3c99959b36690b9b99c5a..a297d9856001a802b9817cd88787fc00ca2765fd 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1855,7 +1855,12 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
        uint64_t handle;
        int ret;
 
-       nft_fn = nft_chain_user_add;
+       nft_fn = nft_chain_user_rename;
+
+       if (nft_chain_exists(h, table, newname)) {
+               errno = EEXIST;
+               return 0;
+       }
 
        /* If built-in chains don't exist for this table, create them */
        if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
@@ -2985,6 +2990,7 @@ const char *nft_strerror(int err)
            { nft_chain_user_del, EMLINK,
              "Can't delete chain with references left" },
            { nft_chain_user_add, EEXIST, "Chain already exists" },
+           { nft_chain_user_rename, EEXIST, "File exists" },
            { nft_rule_insert, E2BIG, "Index of insertion too big" },
            { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
            { nft_rule_replace, E2BIG, "Index of replacement too big" },