author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-10-19 14:46:22 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-10-20 12:14:00 +0200 |
commit | c85a7b0faad897b094b95153212ce351140721ea (patch) | |
tree | aee5013e6d0ae78f6f5a97edc69f884fdfbbbc30 /include/netlink.h | |
parent | 26db6cd9061757d9548cfadc4f921caa1aa6aff7 (diff) |
src: improve rule error reporting
Kernel provides information regarding expression since
83d9dcba06c5 ("netfilter: nf_tables: extended netlink error reporting for
expressions").
A common mistake is to refer to a chain which does not exist, e.g.
# nft add rule x y jump test
Error: Could not process rule: No such file or directory
add rule x y jump test
^^^^
Use the existing netlink extended error reporting infrastructure to
provide better error reporting as in the example above.
Requires Linux kernel patch 83d9dcba06c5 ("netfilter: nf_tables:
extended netlink error reporting for expressions").
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/netlink.h')
-rw-r--r-- | include/netlink.h | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/include/netlink.h b/include/netlink.h index b78277a8..cf8aae46 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -123,9 +123,11 @@ extern struct expr *netlink_alloc_data(const struct location *loc, enum nft_registers dreg); extern int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h); + +struct netlink_linearize_ctx; extern void netlink_linearize_rule(struct netlink_ctx *ctx, - struct nftnl_rule *nlr, - const struct rule *rule); + const struct rule *rule, + struct netlink_linearize_ctx *lctx); extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, struct nftnl_rule *r); @@ -215,4 +217,25 @@ enum nft_data_types dtype_map_to_kernel(const struct datatype *dtype); void expr_handler_init(void); void expr_handler_exit(void); +void netlink_linearize_init(struct netlink_linearize_ctx *lctx, + struct nftnl_rule *nlr); +void netlink_linearize_fini(struct netlink_linearize_ctx *lctx); + +struct netlink_linearize_ctx { + struct nftnl_rule *nlr; + unsigned int reg_low; + struct list_head *expr_loc_htable; +}; + +#define NFT_EXPR_LOC_HSIZE 128 + +struct nft_expr_loc { + struct list_head hlist; + const struct nftnl_expr *nle; + const struct location *loc; +}; + +struct nft_expr_loc *nft_expr_loc_find(const struct nftnl_expr *nle, + struct netlink_linearize_ctx *ctx); + #endif /* NFTABLES_NETLINK_H */ |
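Review bot: The new `netlink_linearize_rule()` prototype does not say that `lctx` has to be prepared before the call, even though the `struct nftnl_rule *` that used to be passed directly now reaches the function only through `lctx->nlr` (the struct is defined further down in this header). A caller that passes a context on which `netlink_linearize_init()` was never called still compiles, and the function would then presumably work on an indeterminate `nlr` and `expr_loc_htable`; the implementation is not part of this diff, so that is inferred from the declarations alone. I would add a comment above the prototype such as `/* lctx must be set up with netlink_linearize_init() and released with netlink_linearize_fini() */`.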
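Review bot: `struct nft_expr_loc` keeps two raw pointers, `nle` and `loc`, with no statement of who owns the objects behind them or how long they must stay valid. Since `nft_expr_loc_find()` hands entries back to callers, presumably on the error-reporting path, a rule or expression freed before `netlink_linearize_fini()` would leave the table holding dangling pointers; the .c side is not shown in this diff, so this needs checking there. A short comment on the struct, e.g. `/* nle and loc are borrowed; both must outlive the linearize context */`, plus a line on `nft_expr_loc_find()` stating what it returns when `nle` is not in the table, would make the contract explicit. As a smaller point, that prototype names its `struct netlink_linearize_ctx *` parameter `ctx`, the name this header otherwise uses for `struct netlink_ctx *`, while the other new prototypes use `lctx`; `struct netlink_linearize_ctx *lctx` would match.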