96 lines
2.8 KiB
Diff
96 lines
2.8 KiB
Diff
From 0257293c68913dd5993c1cac44f2ee80af6d9792 Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Fri, 26 Aug 2022 16:53:52 +0200
|
|
Subject: [PATCH] nft: Expand extended error reporting to nft_cmd, too
|
|
|
|
Introduce the same embedded 'error' struct in nft_cmd and initialize it
|
|
with the current value from nft_handle. Then in preparation phase,
|
|
update nft_handle's error.lineno with the value from the current
|
|
nft_cmd.
|
|
|
|
This serves two purposes:
|
|
|
|
* Allocated batch objects (obj_update) get the right lineno value
|
|
instead of the COMMIT one.
|
|
|
|
* Any error during preparation may be reported with line number. Do this
|
|
and change the relevant fprintf() call to use nft_handle's lineno
|
|
instead of the global 'line' variable.
|
|
|
|
With this change, cryptic iptables-nft-restore error messages should
|
|
finally be gone:
|
|
|
|
| # iptables-nft-restore <<EOF
|
|
| *filter
|
|
| -A nonexist
|
|
| COMMIT
|
|
| EOF
|
|
| iptables-nft-restore: line 2 failed: No chain/target/match by that name.
|
|
|
|
Conflict: NA
|
|
Reference: https://git.netfilter.org/iptables/commit?id=0257293c68913dd5993c1cac44f2ee80af6d9792
|
|
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
---
|
|
iptables/nft-cmd.c | 1 +
|
|
iptables/nft-cmd.h | 3 +++
|
|
iptables/nft.c | 2 ++
|
|
iptables/xtables-restore.c | 2 +-
|
|
4 files changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
|
|
index 9b0c964..f026c62 100644
|
|
--- a/iptables/nft-cmd.c
|
|
+++ b/iptables/nft-cmd.c
|
|
@@ -26,6 +26,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
|
|
if (!cmd)
|
|
return NULL;
|
|
|
|
+ cmd->error.lineno = h->error.lineno;
|
|
cmd->command = command;
|
|
cmd->table = strdup(table);
|
|
if (chain)
|
|
diff --git a/iptables/nft-cmd.h b/iptables/nft-cmd.h
|
|
index ecf7655..3caa3ed 100644
|
|
--- a/iptables/nft-cmd.h
|
|
+++ b/iptables/nft-cmd.h
|
|
@@ -24,6 +24,9 @@ struct nft_cmd {
|
|
struct xt_counters counters;
|
|
const char *rename;
|
|
int counters_save;
|
|
+ struct {
|
|
+ unsigned int lineno;
|
|
+ } error;
|
|
};
|
|
|
|
struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
|
|
diff --git a/iptables/nft.c b/iptables/nft.c
|
|
index 3e24c86..996d5bc 100644
|
|
--- a/iptables/nft.c
|
|
+++ b/iptables/nft.c
|
|
@@ -3050,6 +3050,8 @@ static int nft_prepare(struct nft_handle *h)
|
|
nft_cache_build(h);
|
|
|
|
list_for_each_entry_safe(cmd, next, &h->cmd_list, head) {
|
|
+ h->error.lineno = cmd->error.lineno;
|
|
+
|
|
switch (cmd->command) {
|
|
case NFT_COMPAT_TABLE_FLUSH:
|
|
ret = nft_table_flush(h, cmd->table);
|
|
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
|
|
index d273949..abeaf76 100644
|
|
--- a/iptables/xtables-restore.c
|
|
+++ b/iptables/xtables-restore.c
|
|
@@ -248,7 +248,7 @@ static void xtables_restore_parse_line(struct nft_handle *h,
|
|
return;
|
|
if (!ret) {
|
|
fprintf(stderr, "%s: line %u failed\n",
|
|
- xt_params->program_name, line);
|
|
+ xt_params->program_name, h->error.lineno);
|
|
exit(1);
|
|
}
|
|
}
|
|
--
|
|
2.33.0
|
|
|