From: Phil Sutter <phil@nwl.cc>
Date: Thu, 15 Dec 2022 15:17:35 +0000 (+0100)
Subject: nft: Make rule parsing errors fatal
X-Git-Tag: v1.8.9~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ec86937089a95ac57f149b70cbf740d69b9bd775;p=thirdparty%2Fiptables.git

nft: Make rule parsing errors fatal

Finish parsing the rule, thereby printing all potential problems and
abort the program.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index c13fc307..4a7b5406 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -1362,7 +1362,7 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
 			nft_parse_range(&ctx, expr);
 
 		if (ctx.errmsg) {
-			fprintf(stderr, "%s", ctx.errmsg);
+			fprintf(stderr, "Error: %s\n", ctx.errmsg);
 			ctx.errmsg = NULL;
 			ret = false;
 		}
@@ -1404,6 +1404,8 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
 	if (!cs->jumpto)
 		cs->jumpto = "";
 
+	if (!ret)
+		xtables_error(VERSION_PROBLEM, "Parsing nftables rule failed");
 	return ret;
 }