libxtables: Fix unsupported extension warning corner case
authorPhil Sutter <phil@nwl.cc>
Thu, 30 Jun 2022 16:04:39 +0000 (18:04 +0200)
committerPhil Sutter <phil@nwl.cc>
Sat, 2 Jul 2022 00:15:30 +0000 (02:15 +0200)
Some extensions are not supported in revision 0 by user space anymore,
for those the warning in xtables_compatible_revision() does not print as
no revision 0 is tried.

To fix this, one has to track if none of the user space supported
revisions were accepted by the kernel. Therefore add respective logic to
xtables_find_{target,match}().

Note that this does not lead to duplicated warnings for unsupported
extensions that have a revision 0 because xtables_compatible_revision()
returns true for them to allow for extension's help output.

For the record, these ip6tables extensions are affected: set/SET,
socket, tos/TOS, TPROXY and SNAT. In addition to that, TEE is affected
for both families.

Fixes: 17534cb18ed0a ("Improve error messages for unsupported extensions")
Signed-off-by: Phil Sutter <phil@nwl.cc>
libxtables/xtables.c

index dc645162973f073d3d0347515a7eb5f54b110014..479dbae0781568379fbbd679c16cf300c11b0406 100644 (file)
@@ -776,6 +776,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
        struct xtables_match *ptr;
        const char *icmp6 = "icmp6";
        bool found = false;
+       bool seen = false;
 
        if (strlen(name) >= XT_EXTENSION_MAXNAMELEN)
                xtables_error(PARAMETER_PROBLEM,
@@ -794,6 +795,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
                if (extension_cmp(name, (*dptr)->name, (*dptr)->family)) {
                        ptr = *dptr;
                        *dptr = (*dptr)->next;
+                       seen = true;
                        if (!found &&
                            xtables_fully_register_pending_match(ptr, prev)) {
                                found = true;
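Review bot: `seen` is set here next to `found` with no comment telling the two flags apart, although that distinction is the whole point of the change. At the declaration I would add `/* a pending extension matched by name, whether or not the kernel accepted any of its revisions */`, so a reader does not have to work out that `seen && !found` means every user-space revision was rejected. The same comment belongs on the `seen` declaration in xtables_find_target(). The loop body starts and ends outside this hunk.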
@@ -807,6 +809,11 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
                dptr = &((*dptr)->next);
        }
 
+       if (seen && !found)
+               fprintf(stderr,
+                       "Warning: Extension %s is not supported, missing kernel module?\n",
+                       name);
+
        for (ptr = xtables_matches; ptr; ptr = ptr->next) {
                if (extension_cmp(name, ptr->name, ptr->family)) {
                        struct xtables_match *clone;
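Review bot: The new `if (seen && !found)` warning is printed for every value of `tryload`, because the condition never consults that parameter. If some callers use a non-fatal lookup mode to probe for an extension, they will now emit a stderr line for a lookup they treat as optional. It is worth confirming this is intended, or else gating the check, for example `if (seen && !found && tryload != XTF_DONT_LOAD)`. The identical `fprintf` is repeated in the xtables_find_target() hunk, so a small helper such as `static void warn_unsupported_ext(const char *name)` would keep the wording in one place. The warning is diagnostic only: whether the lookup then fails is decided by code outside this hunk, so a comment saying so would stop readers from mistaking it for the error path.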
@@ -899,6 +906,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
        struct xtables_target **dptr;
        struct xtables_target *ptr;
        bool found = false;
+       bool seen = false;
 
        /* Standard target? */
        if (strcmp(name, "") == 0
@@ -917,6 +925,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
                if (extension_cmp(name, (*dptr)->name, (*dptr)->family)) {
                        ptr = *dptr;
                        *dptr = (*dptr)->next;
+                       seen = true;
                        if (!found &&
                            xtables_fully_register_pending_target(ptr, prev)) {
                                found = true;
@@ -930,6 +939,11 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
                dptr = &((*dptr)->next);
        }
 
+       if (seen && !found)
+               fprintf(stderr,
+                       "Warning: Extension %s is not supported, missing kernel module?\n",
+                       name);
+
        for (ptr = xtables_targets; ptr; ptr = ptr->next) {
                if (extension_cmp(name, ptr->name, ptr->family)) {
                        struct xtables_target *clone;