author | Phil Sutter <phil@nwl.cc> | 2022-08-26 16:53:52 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-08-26 20:08:22 +0200 |
commit | 0257293c68913dd5993c1cac44f2ee80af6d9792 (patch) | |
tree | a8fc645259e50a975bbf13371216e34f270c8a74 /iptables | |
parent | c70a33d219ccb43e6f59aa1b9bbab5dcb13f3443 (diff) |
nft: Expand extended error reporting to nft_cmd, too
Introduce the same embedded 'error' struct in nft_cmd and initialize it
with the current value from nft_handle. Then in preparation phase,
update nft_handle's error.lineno with the value from the current
nft_cmd.
This serves two purposes:
* Allocated batch objects (obj_update) get the right lineno value
instead of the COMMIT one.
* Any error during preparation may be reported with line number. Do this
and change the relevant fprintf() call to use nft_handle's lineno
instead of the global 'line' variable.
With this change, cryptic iptables-nft-restore error messages should
finally be gone:
| # iptables-nft-restore <<EOF
| *filter
| -A nonexist
| COMMIT
| EOF
| iptables-nft-restore: line 2 failed: No chain/target/match by that name.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-cmd.c | 1 | ||||
-rw-r--r-- | iptables/nft-cmd.h | 3 | ||||
-rw-r--r-- | iptables/nft.c | 2 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 2 |
4 files changed, 7 insertions, 1 deletions
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index fcd01bd0..f16ea0e6 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -24,6 +24,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
 struct nft_cmd *cmd;

 cmd = xtables_calloc(1, sizeof(struct nft_cmd));
+ cmd->error.lineno = h->error.lineno;
 cmd->command = command;
 cmd->table = xtables_strdup(table);
 if (chain)
diff --git a/iptables/nft-cmd.h b/iptables/nft-cmd.h
index b5a99ef7..c0f84636 100644
--- a/iptables/nft-cmd.h
+++ b/iptables/nft-cmd.h
@@ -24,6 +24,9 @@ struct nft_cmd {
 struct xt_counters counters;
 const char *rename;
 int counters_save;
+ struct {
+ unsigned int lineno;
+ } error;
 };

 struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
diff --git a/iptables/nft.c b/iptables/nft.c
index ee003511..fd552506 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3360,6 +3360,8 @@ static int nft_prepare(struct nft_handle *h)
 nft_cache_build(h);

 list_for_each_entry_safe(cmd, next, &h->cmd_list, head) {
+ h->error.lineno = cmd->error.lineno;
+
 switch (cmd->command) {
 case NFT_COMPAT_TABLE_FLUSH:
 ret = nft_table_flush(h, cmd->table);
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 052a80c2..c9d4ffbf 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -250,7 +250,7 @@ static void xtables_restore_parse_line(struct nft_handle *h,
 return;
 if (!ret) {
 fprintf(stderr, "%s: line %u failed",
- xt_params->program_name, line);
+ xt_params->program_name, h->error.lineno);
 if (errno)
 fprintf(stderr, ": %s.", nft_strerror(errno));
 fprintf(stderr, "\n"); |
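Review bot: The new `error.lineno` member of struct nft_cmd in iptables/nft-cmd.h carries no comment saying what it counts or where it is assigned; only the commit message explains that it mirrors the struct embedded in nft_handle. A one-line comment above the member would do, for example `/* restore input line that queued this command, copied from nft_handle */`. It would also help to state which value it holds for a command that does not come from a restore file, which this hunk does not show.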
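Review bot: In the nft_prepare() loop in iptables/nft.c, `h->error.lineno` is overwritten for every queued command and nothing visible puts the previous value back, so on the success path the handle keeps the line of the last command. If a caller outside this hunk reports an error before reassigning it, the message would point an operator at the wrong line of the ruleset. Consider saving the value before the loop and restoring it once all commands were prepared successfully, or at least documenting the side effect with `/* errors raised below are attributed to the line that queued cmd */`. The rest of the loop and the end of nft_prepare() lie outside the hunk, so this may already be handled there.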
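Review bot: In xtables_restore_parse_line(), the `if (errno)` test runs after the first `fprintf()`, a library call that is allowed to change errno, so the reason printed next to the line number may not be the one the failed command set. Capture it first with `int err = errno;` ahead of the first `fprintf()`, then use `if (err)` and `nft_strerror(err)` for the second one. The message also now depends on `h->error.lineno` being current for failures that occur before the preparation phase; that assignment is not visible here and is worth confirming. The function starts and ends outside the hunk.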