1From 0257293c68913dd5993c1cac44f2ee80af6d9792 Mon Sep 17 00:00:00 2001
2From: Phil Sutter <phil@nwl.cc>
3Date: Fri, 26 Aug 2022 16:53:52 +0200
4Subject: [PATCH] nft: Expand extended error reporting to nft_cmd, too
5
6Introduce the same embedded 'error' struct in nft_cmd and initialize it
7with the current value from nft_handle. Then in preparation phase,
8update nft_handle's error.lineno with the value from the current
9nft_cmd.
10
11This serves two purposes:
12
13* Allocated batch objects (obj_update) get the right lineno value
14 instead of the COMMIT one.
15
16* Any error during preparation may be reported with line number. Do this
17 and change the relevant fprintf() call to use nft_handle's lineno
18 instead of the global 'line' variable.
19
20With this change, cryptic iptables-nft-restore error messages should
21finally be gone:
22
23| # iptables-nft-restore <<EOF
24| *filter
25| -A nonexist
26| COMMIT
27| EOF
28| iptables-nft-restore: line 2 failed: No chain/target/match by that name.
29
30Conflict: NA
31Reference: https://git.netfilter.org/iptables/commit?id=0257293c68913dd5993c1cac44f2ee80af6d9792
32
33Signed-off-by: Phil Sutter <phil@nwl.cc>
34---
35 iptables/nft-cmd.c | 1 +
36 iptables/nft-cmd.h | 3 +++
37 iptables/nft.c | 2 ++
38 iptables/xtables-restore.c | 2 +-
39 4 files changed, 7 insertions(+), 1 deletion(-)
40
41diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
42index 9b0c964..f026c62 100644
43--- a/iptables/nft-cmd.c
44+++ b/iptables/nft-cmd.c
45@@ -26,6 +26,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
46 if (!cmd)
47 return NULL;
48 
49+ cmd->error.lineno = h->error.lineno;
50 cmd->command = command;
51 cmd->table = strdup(table);
52 if (chain)
53diff --git a/iptables/nft-cmd.h b/iptables/nft-cmd.h
54index ecf7655..3caa3ed 100644
55--- a/iptables/nft-cmd.h
56+++ b/iptables/nft-cmd.h
57@@ -24,6 +24,9 @@ struct nft_cmd {
58 struct xt_counters counters;
59 const char *rename;
60 int counters_save;
61+ struct {
62+ unsigned int lineno;
63+ } error;
64 };
65 
66 struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
67diff --git a/iptables/nft.c b/iptables/nft.c
68index 3e24c86..996d5bc 100644
69--- a/iptables/nft.c
70+++ b/iptables/nft.c
71@@ -3050,6 +3050,8 @@ static int nft_prepare(struct nft_handle *h)
72 nft_cache_build(h);
73 
74 list_for_each_entry_safe(cmd, next, &h->cmd_list, head) {
75+ h->error.lineno = cmd->error.lineno;
76+
77 switch (cmd->command) {
78 case NFT_COMPAT_TABLE_FLUSH:
79 ret = nft_table_flush(h, cmd->table);
80diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
81index d273949..abeaf76 100644
82--- a/iptables/xtables-restore.c
83+++ b/iptables/xtables-restore.c
84@@ -248,7 +248,7 @@ static void xtables_restore_parse_line(struct nft_handle *h,
85 return;
86 if (!ret) {
87 fprintf(stderr, "%s: line %u failed\n",
88- xt_params->program_name, line);
89+ xt_params->program_name, h->error.lineno);
90 exit(1);
91 }
92 }
93--
942.33.0
95
96
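Review bot: The new `error` member added to struct nft_cmd in iptables/nft-cmd.h has no comment saying what `lineno` counts or who sets it. The nft-cmd.c hunk shows it being copied from `h->error.lineno` in nft_cmd_new(), and the nft.c hunk shows it being written back to the handle in nft_prepare(), so a comment such as `/* line this command was created from (presumably the restore input line); copied from nft_handle in nft_cmd_new() */` would spare the next reader a cross-file search. The struct is declared anonymously here and, going by the hunks, separately in nft_handle, whose definition is not part of this patch. A shared named type would keep the two `lineno` fields from drifting in width or signedness, which matters because xtables-restore.c prints the value with `%u`.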
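Review bot: In nft_prepare() the added `h->error.lineno = cmd->error.lineno;` overwrites the handle's current line on every iteration, and nothing in the visible lines puts it back, so when the loop finishes the handle still carries the line of the last prepared command. If a later failure is reported through `h->error.lineno` (the xtables-restore.c hunk now reads it for `!ret`), the message may name the last rule rather than the COMMIT line or the rule actually at fault; this needs confirming against the rest of the function, which lies outside the hunk. If the per-command value is meant only for the preparation phase, save it before the loop with `unsigned int saved = h->error.lineno;` and restore it on the success path. Otherwise document the side effect with a comment such as `/* h->error.lineno is left at the last prepared command's line on return */`.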
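Review bot: The changed fprintf() in xtables_restore_parse_line() reports only a line number before `exit(1)`; the reason for the failure is not printed anywhere in the visible lines. When a firewall ruleset fails to load, the reason is what tells an operator whether a rule was malformed or referred to a missing chain or target, so consider appending the errno text to this message when errno is non-zero. The branch also assumes every path reaching it has a meaningful `h->error.lineno`; a failure before any nft_cmd was created would print whatever the handle last held, so a short comment stating where the field is set for the current input line would help. The function begins outside the hunk.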