1From c70a33d219ccb43e6f59aa1b9bbab5dcb13f3443 Mon Sep 17 00:00:00 2001 2From: Phil Sutter <phil@nwl.cc> 3Date: Thu, 25 Aug 2022 11:53:04 +0200 4Subject: [PATCH] xtables-restore: Extend failure error message 5 6If a line causes zero 'ret' value and errno is set, call nft_strerror() 7for a more detailed error message. While not perfect, it helps with 8debugging ominous "line NN failed" messages pointing at COMMIT: 9 10| # iptables-nft-restore <<EOF 11| *filter 12| -A nonexist 13| COMMIT 14| EOF 15| iptables-nft-restore: line 3 failed: No chain/target/match by that name. 16 17Conflict: NA 18Reference: https://git.netfilter.org/iptables/commit?id=c70a33d219ccb43e6f59aa1b9bbab5dcb13f3443 19 20Signed-off-by: Phil Sutter <phil@nwl.cc> 21--- 22 iptables/xtables-restore.c | 5 ++++- 23 1 file changed, 4 insertions(+), 1 deletion(-) 24 25diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c 26index abeaf76..5940e9a 100644 27--- a/iptables/xtables-restore.c 28+++ b/iptables/xtables-restore.c 29@@ -247,8 +247,11 @@ static void xtables_restore_parse_line(struct nft_handle *h, 30 (strcmp(p->tablename, state->curtable->name) != 0)) 31 return; 32 if (!ret) { 33- fprintf(stderr, "%s: line %u failed\n", 34+ fprintf(stderr, "%s: line %u failed", 35 xt_params->program_name, h->error.lineno); 36+ if (errno) 37+ fprintf(stderr, ": %s.", nft_strerror(errno)); 38+ fprintf(stderr, "\n"); 39 exit(1); 40 } 41 } 42-- 432.33.0 44 45