diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-18 12:59:24 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-19 17:28:52 +0100 |
| commit | 3a0e07106f666df82925aa3fb2eb5937245c9819 (patch) | |
| tree | 4c17d78ae8c2b05d4a033b91eca94aa33fd6dec3 /src | |
| parent | f8aec603aa7e9dad1316079d42c7efcc52b773fa (diff) | |
src: combine extended netlink error reporting with mispelling support
Preliminary support: only for the deletion command, e.g.
# nft delete table twst
Error: No such file or directory; did you mean table ‘test’ in family ip?
delete table twst
^^^^
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/cmd.c | 159 | ||||
| -rw-r--r-- | src/libnftables.c | 23 |
2 files changed, 161 insertions, 21 deletions
diff --git a/src/cmd.c b/src/cmd.c new file mode 100644 index 00000000..c8ea4492 --- /dev/null +++ b/src/cmd.c @@ -0,0 +1,159 @@ +#include <erec.h> +#include <mnl.h> +#include <cmd.h> +#include <parser.h> +#include <utils.h> +#include <iface.h> +#include <errno.h> +#include <stdlib.h> +#include <string.h> + +static int nft_cmd_enoent_table(struct netlink_ctx *ctx, const struct cmd *cmd, + struct location *loc) +{ + struct table *table; + + table = table_lookup_fuzzy(&cmd->handle, &ctx->nft->cache); + if (!table) + return 0; + + netlink_io_error(ctx, loc, "%s; did you mean table ‘%s’ in family %s?", + strerror(ENOENT), table->handle.table.name, + family2str(table->handle.family)); + return 1; +} + +static int nft_cmd_enoent_chain(struct netlink_ctx *ctx, const struct cmd *cmd, + struct location *loc) +{ + const struct table *table; + struct chain *chain; + + chain = chain_lookup_fuzzy(&cmd->handle, &ctx->nft->cache, &table); + if (!chain) + return 0; + + netlink_io_error(ctx, loc, "%s; did you mean table ‘%s’ in family %s?", + strerror(ENOENT), chain->handle.chain.name, + family2str(table->handle.family), + table->handle.table.name); + return 1; +} + +static int nft_cmd_enoent_set(struct netlink_ctx *ctx, const struct cmd *cmd, + struct location *loc) +{ + const struct table *table; + struct set *set; + + set = set_lookup_fuzzy(cmd->handle.set.name, &ctx->nft->cache, &table); + if (!set) + return 0; + + netlink_io_error(ctx, loc, "%s; did you mean %s ‘%s’ in table %s ‘%s’?", + strerror(ENOENT), + set_is_map(set->flags) ? "map" : "set", + set->handle.set.name, + family2str(set->handle.family), + table->handle.table.name); + return 1; +} + +static int nft_cmd_enoent_obj(struct netlink_ctx *ctx, const struct cmd *cmd, + struct location *loc) +{ + const struct table *table; + struct obj *obj; + + obj = obj_lookup_fuzzy(cmd->handle.obj.name, &ctx->nft->cache, &table); + if (!obj) + return 0; + + netlink_io_error(ctx, loc, "%s; did you mean obj ‘%s’ in table %s ‘%s’?", + strerror(ENOENT), obj->handle.obj.name, + family2str(obj->handle.family), + table->handle.table.name); + return 1; +} + +static int nft_cmd_enoent_flowtable(struct netlink_ctx *ctx, + const struct cmd *cmd, struct location *loc) +{ + const struct table *table; + struct flowtable *ft; + + ft = flowtable_lookup_fuzzy(cmd->handle.flowtable.name, + &ctx->nft->cache, &table); + if (!ft) + return 0; + + netlink_io_error(ctx, loc, "%s; did you mean flowtable ‘%s’ in table %s ‘%s’?", + strerror(ENOENT), ft->handle.flowtable.name, + family2str(ft->handle.family), + table->handle.table.name); + return 1; +} + +static void nft_cmd_enoent(struct netlink_ctx *ctx, const struct cmd *cmd, + struct location *loc, int err) +{ + int ret = 0; + + switch (cmd->obj) { + case CMD_OBJ_TABLE: + ret = nft_cmd_enoent_table(ctx, cmd, loc); + break; + case CMD_OBJ_CHAIN: + ret = nft_cmd_enoent_chain(ctx, cmd, loc); + break; + case CMD_OBJ_SET: + ret = nft_cmd_enoent_set(ctx, cmd, loc); + break; + case CMD_OBJ_COUNTER: + case CMD_OBJ_QUOTA: + case CMD_OBJ_CT_HELPER: + case CMD_OBJ_CT_TIMEOUT: + case CMD_OBJ_LIMIT: + case CMD_OBJ_SECMARK: + case CMD_OBJ_CT_EXPECT: + case CMD_OBJ_SYNPROXY: + ret = nft_cmd_enoent_obj(ctx, cmd, loc); + break; + case CMD_OBJ_FLOWTABLE: + ret = nft_cmd_enoent_flowtable(ctx, cmd, loc); + break; + default: + break; + } + + if (ret) + return; + + netlink_io_error(ctx, loc, "Could not process rule: %s", strerror(err)); +} + +void nft_cmd_error(struct netlink_ctx *ctx, struct cmd *cmd, + struct mnl_err *err) +{ + struct location *loc = NULL; + int i; + + for (i = 0; i < cmd->num_attrs; i++) { + if (!cmd->attr[i].offset) + break; + if (cmd->attr[i].offset == err->offset) + loc = cmd->attr[i].location; + } + + if (loc) { + if (err->err == ENOENT) { + nft_cmd_enoent(ctx, cmd, loc, err->err); + return; + } + } else { + loc = &cmd->location; + } + + netlink_io_error(ctx, loc, "Could not process rule: %s", + strerror(err->err)); +} diff --git a/src/libnftables.c b/src/libnftables.c index eaa4736c..32da0a29 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -12,30 +12,11 @@ #include <parser.h> #include <utils.h> #include <iface.h> - +#include <cmd.h> #include <errno.h> #include <stdlib.h> #include <string.h> -static void nft_error(struct netlink_ctx *ctx, struct cmd *cmd, - struct mnl_err *err) -{ - struct location *loc = NULL; - int i; - - for (i = 0; i < cmd->num_attrs; i++) { - if (!cmd->attr[i].offset) - break; - if (cmd->attr[i].offset == err->offset) - loc = cmd->attr[i].location; - } - if (!loc) - loc = &cmd->location; - - netlink_io_error(ctx, loc, "Could not process rule: %s", - strerror(err->err)); -} - static int nft_netlink(struct nft_ctx *nft, struct list_head *cmds, struct list_head *msgs, struct mnl_socket *nf_sock) @@ -87,7 +68,7 @@ static int nft_netlink(struct nft_ctx *nft, list_for_each_entry(cmd, cmds, list) { if (err->seqnum == cmd->seqnum || err->seqnum == batch_seqnum) { - nft_error(&ctx, cmd, err); + nft_cmd_error(&ctx, cmd, err); errno = err->err; if (err->seqnum == cmd->seqnum) { mnl_err_list_free(err); |