xtables: Fix error message when zeroing a non-existent chain

Previously, error message was a bit misleading:

| # iptables-nft -Z noexist
| iptables: Incompatible with this kernel.

Set errno value so that the typical "No chain/target/match by that
name." is printed instead.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index d708fb6176b88063b900608b7ee1de6c5c02a62d..60b0531f4c8c8311bc30b082000b1e9cef4c68d2 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3235,8 +3235,10 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
 
        if (chain) {
                c = nftnl_chain_list_lookup_byname(list, chain);
-               if (!c)
+               if (!c) {
+                       errno = ENOENT;
                        return 0;
+               }
 
                ret = __nft_chain_zero_counters(c, &d);
                goto err;