From 0257293c68913dd5993c1cac44f2ee80af6d9792 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 26 Aug 2022 16:53:52 +0200
Subject: nft: Expand extended error reporting to nft_cmd, too

Introduce the same embedded 'error' struct in nft_cmd and initialize it
with the current value from nft_handle. Then in preparation phase,
update nft_handle's error.lineno with the value from the current
nft_cmd.

This serves two purposes:

* Allocated batch objects (obj_update) get the right lineno value
  instead of the COMMIT one.

* Any error during preparation may be reported with line number. Do this
  and change the relevant fprintf() call to use nft_handle's lineno
  instead of the global 'line' variable.

With this change, cryptic iptables-nft-restore error messages should
finally be gone:

| # iptables-nft-restore <<EOF
| *filter
| -A nonexist
| COMMIT
| EOF
| iptables-nft-restore: line 2 failed: No chain/target/match by that name.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/xtables-restore.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'iptables/xtables-restore.c')

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 052a80c2..c9d4ffbf 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -250,7 +250,7 @@ static void xtables_restore_parse_line(struct nft_handle *h,
 		return;
 	if (!ret) {
 		fprintf(stderr, "%s: line %u failed",
-				xt_params->program_name, line);
+				xt_params->program_name, h->error.lineno);
 		if (errno)
 			fprintf(stderr,	": %s.", nft_strerror(errno));
 		fprintf(stderr, "\n");
-- 
cgit v1.2.3