diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-27 10:20:46 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-27 12:00:07 +0200 |
commit | 0f82b07f20178ea39e77a8dd90eeeebc412646e0 (patch) | |
tree | 6d8ed95018c6739b2441f5e580162dc417cefd22 /src/mnl.c | |
parent | 15b3be2e721067e25898a366f009e1a83f908967 (diff) |
mnl: store netlink error location for set elements
Store set element location in the per-command netlink error location
array. This allows for fine grain error reporting when adding and
deleting elements.
# nft -f test.nft
test.nft:5:4-20: Error: Could not process rule: File exists
00:01:45:09:0b:26 : drop,
^^^^^^^^^^^^^^^^^
test.nft contains a large map with one redundant entry.
Thus, users do not have to find the needle in the stack.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/mnl.c')
-rw-r--r-- | src/mnl.c | 28 |
1 files changed, 17 insertions, 11 deletions
@@ -1609,9 +1609,9 @@ static void netlink_dump_setelem_done(struct netlink_ctx *ctx) fprintf(fp, "\n"); } -static int mnl_nft_setelem_batch(const struct nftnl_set *nls, +static int mnl_nft_setelem_batch(const struct nftnl_set *nls, struct cmd *cmd, struct nftnl_batch *batch, - enum nf_tables_msg_types cmd, + enum nf_tables_msg_types msg_type, unsigned int flags, uint32_t seqnum, const struct expr *set, struct netlink_ctx *ctx) @@ -1622,14 +1622,14 @@ static int mnl_nft_setelem_batch(const struct nftnl_set *nls, struct expr *expr = NULL; int i = 0; - if (cmd == NFT_MSG_NEWSETELEM) + if (msg_type == NFT_MSG_NEWSETELEM) flags |= NLM_F_CREATE; if (set) expr = list_first_entry(&set->expressions, struct expr, list); next: - nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), cmd, + nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), msg_type, nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), flags, seqnum); @@ -1653,7 +1653,12 @@ next: nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_LIST_ELEMENTS); list_for_each_entry_from(expr, &set->expressions, list) { nlse = alloc_nftnl_setelem(set, expr); - nest2 = nftnl_set_elem_nlmsg_build(nlh, nlse, ++i); + + cmd_add_loc(cmd, nlh->nlmsg_len, &expr->location); + nest2 = mnl_attr_nest_start(nlh, ++i); + nftnl_set_elem_nlmsg_build_payload(nlh, nlse); + mnl_attr_nest_end(nlh, nest2); + netlink_dump_setelem(nlse, ctx); nftnl_set_elem_free(nlse); if (mnl_nft_attr_nest_overflow(nlh, nest1, nest2)) { @@ -1669,8 +1674,9 @@ next: return 0; } -int mnl_nft_setelem_add(struct netlink_ctx *ctx, const struct set *set, - const struct expr *expr, unsigned int flags) +int mnl_nft_setelem_add(struct netlink_ctx *ctx, struct cmd *cmd, + const struct set *set, const struct expr *expr, + unsigned int flags) { const struct handle *h = &set->handle; struct nftnl_set *nls; @@ -1691,7 +1697,7 @@ int mnl_nft_setelem_add(struct netlink_ctx *ctx, const struct set *set, netlink_dump_set(nls, ctx); - err = mnl_nft_setelem_batch(nls, ctx->batch, NFT_MSG_NEWSETELEM, + err = mnl_nft_setelem_batch(nls, cmd, ctx->batch, NFT_MSG_NEWSETELEM, flags, ctx->seqnum, expr, ctx); nftnl_set_free(nls); @@ -1728,8 +1734,8 @@ int mnl_nft_setelem_flush(struct netlink_ctx *ctx, const struct cmd *cmd) return 0; } -int mnl_nft_setelem_del(struct netlink_ctx *ctx, const struct handle *h, - const struct expr *init) +int mnl_nft_setelem_del(struct netlink_ctx *ctx, struct cmd *cmd, + const struct handle *h, const struct expr *init) { struct nftnl_set *nls; int err; @@ -1747,7 +1753,7 @@ int mnl_nft_setelem_del(struct netlink_ctx *ctx, const struct handle *h, netlink_dump_set(nls, ctx); - err = mnl_nft_setelem_batch(nls, ctx->batch, NFT_MSG_DELSETELEM, 0, + err = mnl_nft_setelem_batch(nls, cmd, ctx->batch, NFT_MSG_DELSETELEM, 0, ctx->seqnum, init, ctx); nftnl_set_free(nls); |