evaluate: display error on unexisting chain when listing

nft list chain ip test output
<cmdline>:1:1-25: Error: Could not process rule: Chain 'output' does not exist
list chain ip test output
^^^^^^^^^^^^^^^^^^^^^^^^^

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 00e9c4b45afb2724e1e92c1d9dc6e938ab1a12d2..1405da83e0d83c9ae17992c180fd54cb96acac4d 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1960,16 +1960,26 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd)
 
 static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 {
+       struct table *table;
+
        switch (cmd->obj) {
        case CMD_OBJ_TABLE:
                if (cmd->handle.table == NULL)
                        return 0;
-       case CMD_OBJ_CHAIN:
        case CMD_OBJ_SET:
                if (table_lookup(&cmd->handle) == NULL)
                        return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                         cmd->handle.table);
                return 0;
+       case CMD_OBJ_CHAIN:
+               table = table_lookup(&cmd->handle);
+               if (table == NULL)
+                       return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+                                        cmd->handle.table);
+               if (chain_lookup(table, &cmd->handle) == NULL)
+                       return cmd_error(ctx, "Could not process rule: Chain '%s' does not exist",
+                                        cmd->handle.chain);
+               return 0;
        case CMD_OBJ_SETS:
        case CMD_OBJ_RULESET:
                return 0;