xtables: more error printing fixes

Check for nft_insert_rule, since nft_add_rule is never set via nft_fn.
Moreover, generalize ELOOP error since there is only one single location
in the kernel code where we can hit this.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index 7fd3c48eeadbd31efd3203b91510b695a480b628..424c9119e8226fe1f5cd236452ca2aef1a535119 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2670,19 +2670,18 @@ const char *nft_strerror(int err)
            { nft_chain_user_del, EMLINK,
              "Can't delete chain with references left" },
            { nft_chain_user_add, EEXIST, "Chain already exists" },
-           { nft_rule_add, E2BIG, "Index of insertion too big" },
+           { nft_rule_insert, ENOENT, "Index of insertion too big" },
            { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
            { nft_rule_replace, ENOENT, "Index of replacement too big" },
            { nft_rule_delete_num, ENOENT, "Index of deletion too big" },
 /*         { TC_READ_COUNTER, E2BIG, "Index of counter too big" },
            { TC_ZERO_COUNTER, E2BIG, "Index of counter too big" }, */
-           { nft_rule_add, ELOOP, "Loop found in table" },
-           { nft_rule_add, EINVAL, "Target problem" },
            /* ENOENT for DELETE probably means no matching rule */
            { nft_rule_delete, ENOENT,
              "Bad rule (does a matching rule exist in that chain?)" },
            { nft_chain_set, ENOENT, "Bad built-in chain name" },
            { nft_chain_set, EINVAL, "Bad policy name" },
+           { NULL, ELOOP, "Loop found in table" },
            { NULL, EPERM, "Permission denied (you must be root)" },
            { NULL, 0, "Incompatible with this kernel" },
            { NULL, ENOPROTOOPT, "iptables who? (do you need to insmod?)" },