From: Jacek Tomasiak <jacek.tomasiak@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: Jacek Tomasiak <jacek.tomasiak@gmail.com>,
Jacek Tomasiak <jtomasiak@arista.com>
Subject: [iptables PATCH] iptables: Fix handling of non-existent chains
Date: Mon, 19 Jun 2023 13:46:36 +0200 [thread overview]
Message-ID: <20230619114636.7672-1-jacek.tomasiak@gmail.com> (raw)
Since 694612adf87 the "compatibility" check considers non-existent
chains as "incompatible". This broke some scripts which used calls
like `iptables -L CHAIN404` to test for chain existence and expect
"No chain/target/match by that name." in the output.
This patch changes the logic of `nft_is_table_compatible()` to
report non-existent chains as "compatible" which restores the old
behavior.
Fixes: 694612adf87 ("nft: Fix selective chain compatibility checks")
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1648
Signed-off-by: Jacek Tomasiak <jtomasiak@arista.com>
Signed-off-by: Jacek Tomasiak <jacek.tomasiak@gmail.com>
---
iptables/nft.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index 1cb104e7..020553a4 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3860,7 +3860,7 @@ bool nft_is_table_compatible(struct nft_handle *h,
if (chain) {
struct nft_chain *c = nft_chain_find(h, table, chain);
- return c && !nft_is_chain_compatible(c, h);
+ return !c || !nft_is_chain_compatible(c, h);
}
return !nft_chain_foreach(h, table, nft_is_chain_compatible, h);
--
2.35.3
next reply other threads:[~2023-06-19 11:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-19 11:46 Jacek Tomasiak [this message]
2023-06-21 11:53 ` [iptables PATCH] iptables: Fix handling of non-existent chains Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230619114636.7672-1-jacek.tomasiak@gmail.com \
--to=jacek.tomasiak@gmail.com \
--cc=jtomasiak@arista.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.