author | Florian Westphal <fw@strlen.de> | 2018-06-29 16:14:31 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-07-02 17:15:56 +0200 |
commit | 2028e54ab443cff20bd5f6cbaba9535275fbd0bc (patch) | |
tree | 0c934d841eee161bf4523f2cab1be18c0187be4e /iptables/nft.c | |
parent | fd8d7d7e5d911ab3752e72105643454da7544df3 (diff) |
xtables: display legacy/nf_tables flavor in error messages, too
Also, in the nf_tables backend case, only show more than one error
if we're iptables-restore, else we get a very long concatenated error line.
old:
iptables v1.6.2: can't initialize iptables table `security': Table does not exist (do you need to insmod?)
iptables v1.6.2: iptables: CHAIN_ADD failed (Device or resource busy): chain PREROUTINGCHAIN_ADD failed (Device or resource busy): chain INPUTCHAIN_ADD failed (Device or resource busy): chain POSTROUTINGCHAIN_ADD failed (Device or resource busy): chain OUTPUT
iptables-restore v1.6.2: iptables-restore:
line 1: CHAIN_ADD failed (Device or resource busy): chain PREROUTING
line 1: CHAIN_ADD failed (Device or resource busy): chain INPUT
line 1: CHAIN_ADD failed (Device or resource busy): chain POSTROUTING
line 1: CHAIN_ADD failed (Device or resource busy): chain OUTPUT
line 6: RULE_INSERT failed (No such file or directory): rule in chain PREROUTING
now:
iptables v1.6.2 (legacy): can't initialize iptables table `security': Table does not exist (do you need to insmod?)
iptables v1.6.2 (nf_tables): CHAIN_ADD failed (Device or resource busy): chain PREROUTING
iptables-restore v1.6.2 (nf_tables):
line 1: CHAIN_ADD failed (Device or resource busy): chain PREROUTING
line 1: CHAIN_ADD failed (Device or resource busy): chain INPUT
line 1: CHAIN_ADD failed (Device or resource busy): chain POSTROUTING
line 1: CHAIN_ADD failed (Device or resource busy): chain OUTPUT
line 6: RULE_INSERT failed (No such file or directory): rule in chain PREROUTING
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index b7ee8352..3cacf5fe 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -300,7 +300,7 @@ static int mnl_append_error(const struct nft_handle *h, snprintf(errmsg, sizeof(errmsg), "\nline %u: %s failed (%s)", o->error.lineno, type_name[o->type], strerror(err->err)); else - snprintf(errmsg, sizeof(errmsg), "%s failed (%s)", + snprintf(errmsg, sizeof(errmsg), " %s failed (%s)", type_name[o->type], strerror(err->err)); switch (o->type) { @@ -2484,6 +2484,7 @@ static int nft_action(struct nft_handle *h, int action) struct obj_update *n, *tmp; struct mnl_err *err, *ne; unsigned int buflen, i, len; + bool show_errors = true; char errmsg[1024]; uint32_t seq = 1; int ret = 0; @@ -2572,20 +2573,15 @@ static int nft_action(struct nft_handle *h, int action) i = 0; buflen = sizeof(errmsg); - if (!list_empty(&h->err_list)) { - len = snprintf(errmsg, buflen + i, "%s: ", xt_params->program_name); - if (len > 0) { - i += len; - buflen -= len; - } - } list_for_each_entry_safe(n, tmp, &h->obj_list, head) { list_for_each_entry_safe(err, ne, &h->err_list, head) { if (err->seqnum > n->seq) break; - if (err->seqnum == n->seq) { + if (err->seqnum == n->seq && show_errors) { + if (n->error.lineno == 0) + show_errors = false; len = mnl_append_error(h, n, err, errmsg + i, buflen); if (len > 0 && len <= buflen) { buflen -= len; |
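Review bot: In the first hunk (mnl_append_error(), the branch without a line number), the leading space added in " %s failed (%s)" ties this format string to whatever prefix the caller prints before it, here the "iptables v1.6.2 (nf_tables):" shown in the commit message. Consider emitting that separator where the prefix is printed, or add a one-line comment saying the space follows the program/version prefix, so the two strings do not drift apart. The branch with a line number already starts with "\n" and needs no change.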
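Review bot: In the last hunk (the error loop in nft_action()), `n->error.lineno == 0` stands in for "we are not iptables-restore", but only the commit message says so. A short comment at `if (n->error.lineno == 0)` would make the intent readable from the code. The flag would also be clearer under a name that reflects what it does, since show_errors still lets the first error through and only stops later ones. Once it is false, the remaining matching errors are no longer appended to errmsg, so a plain iptables user gets no hint that more operations failed. Appending a short marker or a count of suppressed errors would keep that information without bringing back the long concatenated line.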