From patchwork Tue May 14 10:52:04 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tomasz Bursztyka X-Patchwork-Id: 243679 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id E3C782C00A7 for ; Tue, 14 May 2013 20:52:25 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755693Ab3ENKwV (ORCPT ); Tue, 14 May 2013 06:52:21 -0400 Received: from mga11.intel.com ([192.55.52.93]:46611 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757020Ab3ENKwR (ORCPT ); Tue, 14 May 2013 06:52:17 -0400 Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP; 14 May 2013 03:52:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.87,670,1363158000"; d="scan'208";a="333806195" Received: from rd-180.fi.intel.com ([10.237.68.33]) by fmsmga001.fm.intel.com with ESMTP; 14 May 2013 03:52:13 -0700 From: Tomasz Bursztyka To: netfilter-devel@vger.kernel.org Cc: Tomasz Bursztyka Subject: [iptables-nftables PATCH 3/6] xtables: policy can be changed only on builtin chain Date: Tue, 14 May 2013 13:52:04 +0300 Message-Id: <1368528727-10127-4-git-send-email-tomasz.bursztyka@linux.intel.com> X-Mailer: git-send-email 1.8.2.1 In-Reply-To: <1368528727-10127-1-git-send-email-tomasz.bursztyka@linux.intel.com> References: <519216B6.7060701@linux.intel.com> <1368528727-10127-1-git-send-email-tomasz.bursztyka@linux.intel.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Signed-off-by: Tomasz Bursztyka --- iptables/nft.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index 574383d..afbba84 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -503,16 +503,9 @@ __nft_chain_set(struct nft_handle *h, const char *table, c = nft_chain_builtin_alloc(_t, _c, policy); if (c == NULL) return -1; - } else { - /* This is a custom chain */ - c = nft_chain_alloc(); - if (c == NULL) - return -1; - - nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table); - nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain); - nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy); + errno = ENOENT; + return -1; } if (counters) {