19a0061b6Sopenharmony_ciFrom 0257293c68913dd5993c1cac44f2ee80af6d9792 Mon Sep 17 00:00:00 2001
29a0061b6Sopenharmony_ciFrom: Phil Sutter <phil@nwl.cc>
39a0061b6Sopenharmony_ciDate: Fri, 26 Aug 2022 16:53:52 +0200
49a0061b6Sopenharmony_ciSubject: [PATCH] nft: Expand extended error reporting to nft_cmd, too
59a0061b6Sopenharmony_ci
69a0061b6Sopenharmony_ciIntroduce the same embedded 'error' struct in nft_cmd and initialize it
79a0061b6Sopenharmony_ciwith the current value from nft_handle. Then in preparation phase,
89a0061b6Sopenharmony_ciupdate nft_handle's error.lineno with the value from the current
99a0061b6Sopenharmony_cinft_cmd.
109a0061b6Sopenharmony_ci
119a0061b6Sopenharmony_ciThis serves two purposes:
129a0061b6Sopenharmony_ci
139a0061b6Sopenharmony_ci* Allocated batch objects (obj_update) get the right lineno value
149a0061b6Sopenharmony_ci  instead of the COMMIT one.
159a0061b6Sopenharmony_ci
169a0061b6Sopenharmony_ci* Any error during preparation may be reported with line number. Do this
179a0061b6Sopenharmony_ci  and change the relevant fprintf() call to use nft_handle's lineno
189a0061b6Sopenharmony_ci  instead of the global 'line' variable.
199a0061b6Sopenharmony_ci
209a0061b6Sopenharmony_ciWith this change, cryptic iptables-nft-restore error messages should
219a0061b6Sopenharmony_cifinally be gone:
229a0061b6Sopenharmony_ci
239a0061b6Sopenharmony_ci| # iptables-nft-restore <<EOF
249a0061b6Sopenharmony_ci| *filter
259a0061b6Sopenharmony_ci| -A nonexist
269a0061b6Sopenharmony_ci| COMMIT
279a0061b6Sopenharmony_ci| EOF
289a0061b6Sopenharmony_ci| iptables-nft-restore: line 2 failed: No chain/target/match by that name.
299a0061b6Sopenharmony_ci
309a0061b6Sopenharmony_ciConflict: NA
319a0061b6Sopenharmony_ciReference: https://git.netfilter.org/iptables/commit?id=0257293c68913dd5993c1cac44f2ee80af6d9792
329a0061b6Sopenharmony_ci
339a0061b6Sopenharmony_ciSigned-off-by: Phil Sutter <phil@nwl.cc>
349a0061b6Sopenharmony_ci---
359a0061b6Sopenharmony_ci iptables/nft-cmd.c         | 1 +
369a0061b6Sopenharmony_ci iptables/nft-cmd.h         | 3 +++
379a0061b6Sopenharmony_ci iptables/nft.c             | 2 ++
389a0061b6Sopenharmony_ci iptables/xtables-restore.c | 2 +-
399a0061b6Sopenharmony_ci 4 files changed, 7 insertions(+), 1 deletion(-)
409a0061b6Sopenharmony_ci
419a0061b6Sopenharmony_cidiff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
429a0061b6Sopenharmony_ciindex 9b0c964..f026c62 100644
439a0061b6Sopenharmony_ci--- a/iptables/nft-cmd.c
449a0061b6Sopenharmony_ci+++ b/iptables/nft-cmd.c
459a0061b6Sopenharmony_ci@@ -26,6 +26,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
469a0061b6Sopenharmony_ci 	if (!cmd)
479a0061b6Sopenharmony_ci 		return NULL;
489a0061b6Sopenharmony_ci 
499a0061b6Sopenharmony_ci+	cmd->error.lineno = h->error.lineno;
509a0061b6Sopenharmony_ci 	cmd->command = command;
519a0061b6Sopenharmony_ci 	cmd->table = strdup(table);
529a0061b6Sopenharmony_ci 	if (chain)
539a0061b6Sopenharmony_cidiff --git a/iptables/nft-cmd.h b/iptables/nft-cmd.h
549a0061b6Sopenharmony_ciindex ecf7655..3caa3ed 100644
559a0061b6Sopenharmony_ci--- a/iptables/nft-cmd.h
569a0061b6Sopenharmony_ci+++ b/iptables/nft-cmd.h
579a0061b6Sopenharmony_ci@@ -24,6 +24,9 @@ struct nft_cmd {
589a0061b6Sopenharmony_ci 	struct xt_counters		counters;
599a0061b6Sopenharmony_ci 	const char			*rename;
609a0061b6Sopenharmony_ci 	int				counters_save;
619a0061b6Sopenharmony_ci+	struct {
629a0061b6Sopenharmony_ci+		unsigned int		lineno;
639a0061b6Sopenharmony_ci+	} error;
649a0061b6Sopenharmony_ci };
659a0061b6Sopenharmony_ci 
669a0061b6Sopenharmony_ci struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
679a0061b6Sopenharmony_cidiff --git a/iptables/nft.c b/iptables/nft.c
689a0061b6Sopenharmony_ciindex 3e24c86..996d5bc 100644
699a0061b6Sopenharmony_ci--- a/iptables/nft.c
709a0061b6Sopenharmony_ci+++ b/iptables/nft.c
719a0061b6Sopenharmony_ci@@ -3050,6 +3050,8 @@ static int nft_prepare(struct nft_handle *h)
729a0061b6Sopenharmony_ci 	nft_cache_build(h);
739a0061b6Sopenharmony_ci 
749a0061b6Sopenharmony_ci 	list_for_each_entry_safe(cmd, next, &h->cmd_list, head) {
759a0061b6Sopenharmony_ci+		h->error.lineno = cmd->error.lineno;
769a0061b6Sopenharmony_ci+		
779a0061b6Sopenharmony_ci 		switch (cmd->command) {
789a0061b6Sopenharmony_ci 		case NFT_COMPAT_TABLE_FLUSH:
799a0061b6Sopenharmony_ci 			ret = nft_table_flush(h, cmd->table);
809a0061b6Sopenharmony_cidiff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
819a0061b6Sopenharmony_ciindex d273949..abeaf76 100644
829a0061b6Sopenharmony_ci--- a/iptables/xtables-restore.c
839a0061b6Sopenharmony_ci+++ b/iptables/xtables-restore.c
849a0061b6Sopenharmony_ci@@ -248,7 +248,7 @@ static void xtables_restore_parse_line(struct nft_handle *h,
859a0061b6Sopenharmony_ci 		return;
869a0061b6Sopenharmony_ci 	if (!ret) {
879a0061b6Sopenharmony_ci 		fprintf(stderr, "%s: line %u failed\n",
889a0061b6Sopenharmony_ci-				xt_params->program_name, line);
899a0061b6Sopenharmony_ci+				xt_params->program_name, h->error.lineno);
909a0061b6Sopenharmony_ci 		exit(1);
919a0061b6Sopenharmony_ci 	}
929a0061b6Sopenharmony_ci }
939a0061b6Sopenharmony_ci-- 
949a0061b6Sopenharmony_ci2.33.0
959a0061b6Sopenharmony_ci
96