iptables: xtables-eb: fix renaming of chains
authorArturo Borrero <arturo.borrero.glez@gmail.com>
Mon, 24 Nov 2014 18:43:05 +0000 (19:43 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 25 Nov 2014 19:05:08 +0000 (20:05 +0100)
Renaming of chains is not working, and ebtables-compat gets:
 libnftnl: attribute 0 assertion failed in chain.c:159

This patch brings back the parser code of the original ebtables tool:
 http://git.netfilter.org/ebtables.old-history/tree/userspace/ebtables2/ebtables.c#n652

I adapted the original parser code to fit in the new environment. Also tried to
keep original error messages as much as possible.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/xtables-eb.c

index 47af78f9ff6f951dae8ac2128e1a8f503d6444f7..b924daf928276c4eae9d461ae6fc2828fba42b46 100644 (file)
@@ -21,6 +21,7 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
+#include <errno.h>
 #include <getopt.h>
 #include <string.h>
 #include <stdio.h>
@@ -32,6 +33,7 @@
 #include <xtables.h>
 
 #include <linux/netfilter_bridge.h>
+#include <linux/netfilter/nf_tables.h>
 #include <ebtables/ethernetdb.h>
 #include "xshared.h"
 #include "nft.h"
@@ -582,7 +584,6 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
        struct ebtables_command_state cs;
        char command = 'h';
        const char *chain = NULL;
-       const char *newname = NULL;
        const char *policy = NULL;
        int exec_style = EXEC_STYLE_PRG;
        int selected_chain = -1;
@@ -643,7 +644,21 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
                        }
 
                        if (c == 'E') {
-                               ret = nft_chain_user_rename(h, chain, *table, newname);
+                               if (optind >= argc)
+                                       xtables_error(PARAMETER_PROBLEM, "No new chain name specified");
+                               else if (optind < argc - 1)
+                                       xtables_error(PARAMETER_PROBLEM, "No extra options allowed with -E");
+                               else if (strlen(argv[optind]) >= NFT_CHAIN_MAXNAMELEN)
+                                       xtables_error(PARAMETER_PROBLEM, "Chain name length can't exceed %d"" characters", NFT_CHAIN_MAXNAMELEN - 1);
+                               else if (strchr(argv[optind], ' ') != NULL)
+                                       xtables_error(PARAMETER_PROBLEM, "Use of ' ' not allowed in chain names");
+
+                               ret = nft_chain_user_rename(h, chain, *table,
+                                                           argv[optind]);
+                               if (ret != 0 && errno == ENOENT)
+                                       xtables_error(PARAMETER_PROBLEM, "Chain '%s' doesn't exists", chain);
+
+                               optind++;
                                break;
                        } else if (c == 'D' && optind < argc && (argv[optind][0] != '-' || (argv[optind][1] >= '0' && argv[optind][1] <= '9'))) {
                                if (optind != argc - 1)
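Review bot: The `errno == ENOENT` test after `nft_chain_user_rename()` reads an errno that was never cleared, so a value left behind by an earlier call can turn an unrelated result into the "Chain '%s' doesn't exists" error; add `errno = 0;` directly before the call. The test also assumes that a non-zero `ret` means failure, which should be confirmed against the helper's return convention since it is not visible in this hunk; if the helper returns 1 on success, the condition needs to be `ret == 0 && errno == ENOENT`. The name checks above still accept an empty string in `argv[optind]`, so a further branch such as `else if (argv[optind][0] == '\0')` raising a PARAMETER_PROBLEM would keep an empty chain name from being passed on to `nft_chain_user_rename()`. do_commandeb starts and ends outside the hunk.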