authorPablo Neira Ayuso <pablo@netfilter.org>2019-06-04 11:03:06 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2019-06-05 18:00:31 +0200
commit89bae935180a50f4ea827f5facc41459557380ef (patch)
tree86680b2f7ebf21e54bd3acc3711bd0200b6e383d /src/libnftables.c
parentf211921e25e683eb0cbfac08fd0289a07b6d67d1 (diff)
src: Display parser and evaluate errors in one shot
This patch restores 61236968b7a1 ("parser: evaluate commands immediately after parsing") following a different approach. In this patch, the evaluation phase is done even if the parsing phase fails, hence the user gets parsing and evaluation errors in one shot, which is the purpose of 61236968b7a1. Note that evaluation errors are now shown after parser errors; with this patch, the example available in 61236968b7a1 displays the following errors: # nft -f /tmp/bad.nft /tmp/bad.nft:3:32-32: Error: syntax error, unexpected newline add rule filter input tcp dport ^ /tmp/bad.nft:5:37-41: Error: syntax error, unexpected dport, expecting end of file or newline or semicolon add rule filter input tcp dport tcp dport ^^^^^ /tmp/bad.nft:4:33-35: Error: datatype mismatch, expected internet network service, expression has type Internet protocol add rule filter input tcp dport tcp ~~~~~~~~~ ^^^ So the evaluation error pointing to line 4 is shown after the error reporting generated by the parser that points to line 3, while 61236968b7a1 was showing errors per line in order. As future work, we can sort the error reporting list to restore exactly the same behaviour. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/libnftables.c')
-rw-r--r--src/libnftables.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/src/libnftables.c b/src/libnftables.c
index 8720fe2b..f459ecd5 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -400,11 +400,11 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs,
int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
{
+ int rc = -EINVAL, parser_rc;
struct cmd *cmd, *next;
LIST_HEAD(msgs);
LIST_HEAD(cmds);
char *nlbuf;
- int rc = -EINVAL;
nlbuf = xzalloc(strlen(buf) + 2);
sprintf(nlbuf, "%s\n", buf);
@@ -413,13 +413,18 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
rc = nft_parse_json_buffer(nft, nlbuf, &msgs, &cmds);
if (rc == -EINVAL)
rc = nft_parse_bison_buffer(nft, nlbuf, &msgs, &cmds);
- if (rc)
- goto err;
+
+ parser_rc = rc;
rc = nft_evaluate(nft, &msgs, &cmds);
if (rc < 0)
goto err;
+ if (parser_rc) {
+ rc = parser_rc;
+ goto err;
+ }
+
if (nft_netlink(nft, &cmds, &msgs, nft->nf_sock) != 0)
rc = -1;
err:
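Review bot: `nft_evaluate(nft, &msgs, &cmds)` is now reached even when the parser has failed, so the evaluator is handed whatever the failed parse left on `cmds`, built from input already known to be malformed. Its body is not in this diff, so it is worth confirming that it tolerates incomplete command objects and has no side effects on `nft` that should be skipped for rejected input. The control flow is also easy to misread, so a comment above `parser_rc = rc;` would help, for example `/* Evaluate even if parsing failed so both kinds of errors are reported at once; nothing reaches nft_netlink() unless parser_rc == 0. */`. When evaluation itself fails, the `rc < 0` branch returns the evaluation code and drops `parser_rc`, which seems intended but deserves a mention in that comment. The same applies to the identical hunk in `nft_run_cmd_from_filename`, and both functions continue outside the lines shown.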
@@ -445,9 +450,9 @@ err:
int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename)
{
struct cmd *cmd, *next;
+ int rc, parser_rc;
LIST_HEAD(msgs);
LIST_HEAD(cmds);
- int rc;
rc = cache_update(nft, CMD_INVALID, &msgs);
if (rc < 0)
@@ -461,13 +466,18 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename)
rc = nft_parse_json_filename(nft, filename, &msgs, &cmds);
if (rc == -EINVAL)
rc = nft_parse_bison_filename(nft, filename, &msgs, &cmds);
- if (rc)
- goto err;
+
+ parser_rc = rc;
rc = nft_evaluate(nft, &msgs, &cmds);
if (rc < 0)
goto err;
+ if (parser_rc) {
+ rc = parser_rc;
+ goto err;
+ }
+
if (nft_netlink(nft, &cmds, &msgs, nft->nf_sock) != 0)
rc = -1;
err: