Fix showing help text for matches/targets with revision as user

When running as a user iptables can't determine the highest supported
revision and exits. Assume all revision are supported in case we get
a EPERM. If the user is not showing the help text but trying to add
new rules he'll get EPERM later anyway.

diff --git a/xtables.c b/xtables.c
index 6107119fec3ce508ffabb071e42f9eaffadeffec..3cc864b203ee9566f945351bb6af70371a65a2ec 100644 (file)
--- a/xtables.c
+++ b/xtables.c
@@ -411,6 +411,15 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
 
        sockfd = socket(afinfo.family, SOCK_RAW, IPPROTO_RAW);
        if (sockfd < 0) {
+               if (errno == EPERM) {
+                       /* revision 0 is always supported. */
+                       if (revision != 0)
+                               fprintf(stderr, "Could not determine whether "
+                                               "revision %u is supported, "
+                                               "assuming it is.\n",
+                                       revision);
+                       return 1;
+               }
                fprintf(stderr, "Could not open socket to kernel: %s\n",
                        strerror(errno));
                exit(1);