[iptables PATCH] xtables: Fix for spurious errors from iptables-translate

Tue, 23 Oct 2018 07:59:33 -0700 

When aligning iptables-nft error messages with legacy ones, I missed
that translate tools shouldn't check for missing or duplicated chains.

Introduce a boolean in struct nft_xt_cmd_parse indicating we're "just"
translating and do_parse() should skip the checks.

Fixes: b6a06c1a215f8 ("xtables: Align return codes with legacy iptables")
Signed-off-by: Phil Sutter <[email protected]>
---
 iptables/nft-shared.h        | 1 +
 iptables/xtables-translate.c | 1 +
 iptables/xtables.c           | 6 +++---
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 1281f080bc31d..e3ecdb4d23df3 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -233,6 +233,7 @@ struct nft_xt_cmd_parse {
        const char                      *policy;
        bool                            restore;
        int                             verbose;
+       bool                            xlate;
 };
 
 void do_parse(struct nft_handle *h, int argc, char *argv[],
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index f4c0f9cf5a181..849c53f30e155 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -216,6 +216,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, 
char *argv[],
        struct nft_xt_cmd_parse p = {
                .table          = *table,
                .restore        = restore,
+               .xlate          = true,
        };
        struct iptables_command_state cs;
        struct xtables_args args = {
diff --git a/iptables/xtables.c b/iptables/xtables.c
index e0343dbabf2b3..0038804e288c6 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1063,16 +1063,16 @@ void do_parse(struct nft_handle *h, int argc, char 
*argv[],
                                           p->chain);
                }
 
-               if (!nft_chain_exists(h, p->table, p->chain))
+               if (!p->xlate && !nft_chain_exists(h, p->table, p->chain))
                        xtables_error(OTHER_PROBLEM,
                                      "Chain '%s' does not exist", cs->jumpto);
 
-               if (!cs->target && strlen(cs->jumpto) > 0 &&
+               if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
                    !nft_chain_exists(h, p->table, cs->jumpto))
                        xtables_error(PARAMETER_PROBLEM,
                                      "Chain '%s' does not exist", cs->jumpto);
        }
-       if (p->command == CMD_NEW_CHAIN &&
+       if (!p->xlate && p->command == CMD_NEW_CHAIN &&
            nft_chain_exists(h, p->table, p->chain))
                xtables_error(OTHER_PROBLEM, "Chain already exists");
 }
-- 
2.19.0

Reply via email to