Patchwork [iptables-nftables,3/6] xtables: policy can be changed only on builtin chain

login
register
mail settings
Submitter Tomasz Bursztyka
Date May 14, 2013, 10:52 a.m.
Message ID <1368528727-10127-4-git-send-email-tomasz.bursztyka@linux.intel.com>
Download mbox | patch
Permalink /patch/243679/
State Accepted
Headers show

Comments

Tomasz Bursztyka - May 14, 2013, 10:52 a.m.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
---
 iptables/nft.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
Pablo Neira - May 16, 2013, 5:01 p.m.
Also applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/iptables/nft.c b/iptables/nft.c
index 574383d..afbba84 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -503,16 +503,9 @@  __nft_chain_set(struct nft_handle *h, const char *table,
 		c = nft_chain_builtin_alloc(_t, _c, policy);
 		if (c == NULL)
 			return -1;
-
 	} else {
-		/* This is a custom chain */
-		c = nft_chain_alloc();
-		if (c == NULL)
-			return -1;
-
-		nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
-		nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain);
-		nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy);
+		errno = ENOENT;
+		return -1;
 	}
 
 	if (counters) {