author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-17 22:38:13 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-19 15:17:11 +0100 |
commit | f8aec603aa7e9dad1316079d42c7efcc52b773fa (patch) | |
tree | 2c2f9c1c601610464431683c6d90ca0e8af27d2b /include/netlink.h | |
parent | 9491f1a8eecf1c023ebe3a30b1e92e44a4a39a05 (diff) |
src: initial extended netlink error reporting
This patch correlates the in-kernel extended netlink error offset and
the location information.
Assuming 'foo' table does not exist, then error reporting shows:
# nft delete table foo
Error: Could not process rule: No such file or directory
delete table foo
^^^
Similarly, if table uniquely identified by handle '1234' does not exist,
then error reporting shows:
# nft delete table handle 1234
Error: Could not process rule: No such file or directory
delete table handle 1234
^^^^
Assuming 'bar' chain does not exist in the kernel, while 'foo' does:
# nft delete chain foo bar
Error: Could not process rule: No such file or directory
delete chain foo bar
^^^
This also gives us a hint when adding rules:
# nft add rule ip foo bar counter
Error: Could not process rule: No such file or directory
add rule ip foo bar counter
^^^
This is based on ("src: basic support for extended netlink errors") from
Florian Westphal, posted in 2018, with no netlink offset correlation
support.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/netlink.h')
-rw-r--r-- | include/netlink.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/include/netlink.h b/include/netlink.h
index d02533ec..c2eb8949 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -16,6 +16,22 @@
 #define MAX_REGS (1 + NFT_REG32_15 - NFT_REG32_00)
+#ifndef NETLINK_EXT_ACK
+#define NETLINK_EXT_ACK 11
+
+enum nlmsgerr_attrs {
+ NLMSGERR_ATTR_UNUSED,
+ NLMSGERR_ATTR_MSG,
+ NLMSGERR_ATTR_OFFS,
+ NLMSGERR_ATTR_COOKIE,
+
+ __NLMSGERR_ATTR_MAX,
+ NLMSGERR_ATTR_MAX = __NLMSGERR_ATTR_MAX - 1
+};
+#define NLM_F_CAPPED 0x100 /* request was capped */
+#define NLM_F_ACK_TLVS 0x200 /* extended ACK TVLs were included */
+#endif
+
 struct netlink_parse_ctx {
 struct list_head *msgs;
 struct table *table;
@@ -176,6 +192,10 @@ struct netlink_mon_handler {
 extern int netlink_monitor(struct netlink_mon_handler *monhandler, struct mnl_socket *nf_sock);
+struct netlink_cb_data {
+ struct netlink_ctx *nl_ctx;
+ struct list_head *err_list;
+};
 int netlink_echo_callback(const struct nlmsghdr *nlh, void *data);
 struct ruleset_parse { |
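Review bot: The `#ifndef NETLINK_EXT_ACK` guard in the first hunk uses one macro to decide whether `enum nlmsgerr_attrs`, `NLM_F_CAPPED` and `NLM_F_ACK_TLVS` are defined too, so it only holds if `<linux/netlink.h>` is always included before this point; the hunk does not show whether it is. If a source file pulls in the kernel header after this one on a system that already provides these names, the enum is declared twice and the build breaks. These are ABI constants shared with the kernel, so I would say so above the guard, e.g. `/* Fallback for older kernel headers; values must match <linux/netlink.h> */`, and include the kernel header explicitly ahead of the guard if that is not already done.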
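Review bot: `struct netlink_cb_data` in the second hunk is added without a comment saying which callbacks expect it behind their `void *data` argument or who owns `err_list`. The callback signature visible in the context, `netlink_echo_callback(const struct nlmsghdr *nlh, void *data)`, is untyped, so the compiler will not catch a caller that passes a different context struct to a callback casting to this one. A comment above the struct such as `/* Passed as 'data' to the netlink error callbacks; both pointers are borrowed from the caller. */` would help. The ownership wording needs confirming against the callers, which are outside this file's diff.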