authorPablo Neira Ayuso <pablo@netfilter.org>2020-10-19 14:46:22 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2020-10-20 12:14:00 +0200
commitc85a7b0faad897b094b95153212ce351140721ea (patch)
treeaee5013e6d0ae78f6f5a97edc69f884fdfbbbc30 /include/netlink.h
parent26db6cd9061757d9548cfadc4f921caa1aa6aff7 (diff)
src: improve rule error reporting
Kernel provides information regarding expression since 83d9dcba06c5 ("netfilter: nf_tables: extended netlink error reporting for expressions"). A common mistake is to refer to a chain which does not exist, e.g. # nft add rule x y jump test Error: Could not process rule: No such file or directory add rule x y jump test ^^^^ Use the existing netlink extended error reporting infrastructure to provide better error reporting as in the example above. Requires Linux kernel patch 83d9dcba06c5 ("netfilter: nf_tables: extended netlink error reporting for expressions"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/netlink.h')
-rw-r--r--include/netlink.h27
1 files changed, 25 insertions, 2 deletions
diff --git a/include/netlink.h b/include/netlink.h
index b78277a8..cf8aae46 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -123,9 +123,11 @@ extern struct expr *netlink_alloc_data(const struct location *loc,
enum nft_registers dreg);
extern int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h);
+
+struct netlink_linearize_ctx;
extern void netlink_linearize_rule(struct netlink_ctx *ctx,
- struct nftnl_rule *nlr,
- const struct rule *rule);
+ const struct rule *rule,
+ struct netlink_linearize_ctx *lctx);
extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
struct nftnl_rule *r);
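Review bot: The new `netlink_linearize_rule()` prototype takes `lctx` with no stated precondition, and because the `nlr` argument is gone the target rule now has to come from `lctx->nlr`. A caller that passes a context that was never set up with `netlink_linearize_init()` would presumably hand the function an uninitialised `nlr` and hash-table pointer; the implementation is not in this file, so that is inferred from the declarations alone. I would add a comment above the prototype such as `/* lctx must have been set up with netlink_linearize_init(); release it with netlink_linearize_fini() */`.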
@@ -215,4 +217,25 @@ enum nft_data_types dtype_map_to_kernel(const struct datatype *dtype);
void expr_handler_init(void);
void expr_handler_exit(void);
+void netlink_linearize_init(struct netlink_linearize_ctx *lctx,
+ struct nftnl_rule *nlr);
+void netlink_linearize_fini(struct netlink_linearize_ctx *lctx);
+
+struct netlink_linearize_ctx {
+ struct nftnl_rule *nlr;
+ unsigned int reg_low;
+ struct list_head *expr_loc_htable;
+};
+
+#define NFT_EXPR_LOC_HSIZE 128
+
+struct nft_expr_loc {
+ struct list_head hlist;
+ const struct nftnl_expr *nle;
+ const struct location *loc;
+};
+
+struct nft_expr_loc *nft_expr_loc_find(const struct nftnl_expr *nle,
+ struct netlink_linearize_ctx *ctx);
+
#endif /* NFTABLES_NETLINK_H */
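Review bot: `struct nft_expr_loc` stores `nle` and `loc` as raw borrowed pointers, and the header does not say how long they must stay valid or what `nft_expr_loc_find()` returns on a miss. If error reporting looks an expression up after the `nftnl_rule` or the rule's locations have been released, or after `netlink_linearize_fini()`, the entry would dangle; whether that can happen depends on the callers, which this file does not show. A comment on the struct such as `/* nle and loc are borrowed; entries are valid only between netlink_linearize_init() and netlink_linearize_fini() */` would pin the lifetime. The lookup's declaration should also state the miss return value (presumably NULL) so callers know to fall back to the generic error message.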