diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-19 15:35:10 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-19 17:29:30 +0100 |
| commit | 0e52cab1e64ab8dc14d064115adce54fa05174e1 (patch) | |
| tree | 6611356e42524a6f8422debdc0b00de79ce15f53 | |
| parent | 6cce26e03778c57bbdbe4653c839de4325d21807 (diff) | |
src: improve error reporting when remove rules
# nft delete rule ip y z handle 7
Error: Could not process rule: No such file or directory
delete rule ip y z handle 7
^
# nft delete rule ip x z handle 7
Error: Could not process rule: No such file or directory
delete rule ip x z handle 7
^
# nft delete rule ip x x handle 7
Error: Could not process rule: No such file or directory
delete rule ip x x handle 7
^
# nft replace rule x y handle 10 ip saddr 1.1.1.2 counter
Error: Could not process rule: No such file or directory
replace rule x y handle 10 ip saddr 1.1.1.2 counter
^^
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/mnl.h | 4 | ||||
| -rw-r--r-- | src/mnl.c | 34 |
2 files changed, 25 insertions, 13 deletions
diff --git a/include/mnl.h b/include/mnl.h index 6d247cca..74b1b56f 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -31,8 +31,8 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list, int mnl_nft_rule_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); -int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd); -int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd); +int mnl_nft_rule_del(struct netlink_ctx *ctx, struct cmd *cmd); +int mnl_nft_rule_replace(struct netlink_ctx *ctx, struct cmd *cmd); struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family); @@ -475,7 +475,7 @@ int mnl_nft_rule_add(struct netlink_ctx *ctx, struct cmd *cmd, return 0; } -int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd) +int mnl_nft_rule_replace(struct netlink_ctx *ctx, struct cmd *cmd) { struct rule *rule = cmd->rule; struct handle *h = &rule->handle; @@ -491,15 +491,20 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd) memory_allocation_error(); nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family); - nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name); - nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name); - nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id); netlink_linearize_rule(ctx, nlr, rule); nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_NEWRULE, cmd->handle.family, NLM_F_REPLACE | flags, ctx->seqnum); + + cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location); + mnl_attr_put_strz(nlh, NFTA_RULE_TABLE, h->table.name); + cmd_add_loc(cmd, nlh->nlmsg_len, &h->chain.location); + mnl_attr_put_strz(nlh, NFTA_RULE_CHAIN, h->chain.name); + cmd_add_loc(cmd, nlh->nlmsg_len, &h->handle.location); + mnl_attr_put_u64(nlh, NFTA_RULE_HANDLE, htobe64(h->handle.id)); + nftnl_rule_nlmsg_build_payload(nlh, nlr); nftnl_rule_free(nlr); @@ -508,9 +513,9 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd) return 0; } -int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd) +int mnl_nft_rule_del(struct netlink_ctx *ctx, struct cmd *cmd) { - const struct handle *h = &cmd->handle; + struct handle *h = &cmd->handle; struct nftnl_rule *nlr; struct nlmsghdr *nlh; @@ -519,16 +524,23 @@ int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd) memory_allocation_error(); nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family); - nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name); - if (h->chain.name) - nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name); - if (h->handle.id) - nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id); nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_DELRULE, nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY), 0, ctx->seqnum); + + cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location); + mnl_attr_put_strz(nlh, NFTA_RULE_TABLE, h->table.name); + if (h->chain.name) { + cmd_add_loc(cmd, nlh->nlmsg_len, &h->chain.location); + mnl_attr_put_strz(nlh, NFTA_RULE_CHAIN, h->chain.name); + } + if (h->handle.id) { + cmd_add_loc(cmd, nlh->nlmsg_len, &h->handle.location); + mnl_attr_put_u64(nlh, NFTA_RULE_HANDLE, htobe64(h->handle.id)); + } + nftnl_rule_nlmsg_build_payload(nlh, nlr); nftnl_rule_free(nlr); |