From: Pablo Neira Ayuso Date: Tue, 29 May 2018 08:20:47 +0000 (+0200) Subject: xtables: more error printing fixes X-Git-Tag: v1.8.0~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb368b6f6f58bf04ad2bf3316b8e1ddf5389e3f9;p=thirdparty%2Fiptables.git xtables: more error printing fixes Check for nft_insert_rule, since nft_add_rule is never set via nft_fn. Moreover, generalize ELOOP error since there is only one single location in the kernel code where we can hit this. Signed-off-by: Pablo Neira Ayuso --- diff --git a/iptables/nft.c b/iptables/nft.c index 7fd3c48e..424c9119 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2670,19 +2670,18 @@ const char *nft_strerror(int err) { nft_chain_user_del, EMLINK, "Can't delete chain with references left" }, { nft_chain_user_add, EEXIST, "Chain already exists" }, - { nft_rule_add, E2BIG, "Index of insertion too big" }, + { nft_rule_insert, ENOENT, "Index of insertion too big" }, { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" }, { nft_rule_replace, ENOENT, "Index of replacement too big" }, { nft_rule_delete_num, ENOENT, "Index of deletion too big" }, /* { TC_READ_COUNTER, E2BIG, "Index of counter too big" }, { TC_ZERO_COUNTER, E2BIG, "Index of counter too big" }, */ - { nft_rule_add, ELOOP, "Loop found in table" }, - { nft_rule_add, EINVAL, "Target problem" }, /* ENOENT for DELETE probably means no matching rule */ { nft_rule_delete, ENOENT, "Bad rule (does a matching rule exist in that chain?)" }, { nft_chain_set, ENOENT, "Bad built-in chain name" }, { nft_chain_set, EINVAL, "Bad policy name" }, + { NULL, ELOOP, "Loop found in table" }, { NULL, EPERM, "Permission denied (you must be root)" }, { NULL, 0, "Incompatible with this kernel" }, { NULL, ENOPROTOOPT, "iptables who? (do you need to insmod?)" },