If xtables support was compiled in but the required libxtables DSO is
not found, nft prints an error message and leaks memory:
| counter packets 0 bytes 0 XT target MASQUERADE not found
This is not as bad as it seems, the output combines stdout and stderr.
Dropping stderr produces an incomplete ruleset listing, though. While
this seemingly inline output can't easily be avoided, fix a few things:
* Respect octx->error_fp, libnftables might have been configured to
redirect stderr somewhere else.
* Align error message formatting with others.
* Don't return immediately, but free allocated memory and fall back to
printing the expression in "untranslated" form.
Fixes: 5c30feeee5cfe ("xt: Delay libxtables access until translation")
Signed-off-by: Phil Sutter <phil@nwl.cc>
case NFT_XT_MATCH:
mt = xtables_find_match(stmt->xt.name, XTF_TRY_LOAD, NULL);
if (!mt) {
- fprintf(stderr, "XT match %s not found\n",
+ fprintf(octx->error_fp,
+ "# Warning: XT match %s not found\n",
stmt->xt.name);
- return;
+ break;
}
size = XT_ALIGN(sizeof(*m)) + stmt->xt.infolen;
case NFT_XT_TARGET:
tg = xtables_find_target(stmt->xt.name, XTF_TRY_LOAD);
if (!tg) {
- fprintf(stderr, "XT target %s not found\n",
+ fprintf(octx->error_fp,
+ "# Warning: XT target %s not found\n",
stmt->xt.name);
- return;
+ break;
}
size = XT_ALIGN(sizeof(*t)) + stmt->xt.infolen;
projects / thirdparty / nftables.git / commitdiff
