libnftables: Introduce nft_ctx_set_error()

Analogous to nft_ctx_set_output(), this allows to set a custom file
pointer for writing error messages to.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/nftables.h b/include/nftables.h
index 3d96f2e3f10f4defc0547440d24cba4e5c7f462d..1b368971bee9adda083f79e97478f0746aec1d48 100644 (file)
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -14,6 +14,7 @@ struct output_ctx {
        unsigned int handle;
        unsigned int echo;
        FILE *output_fp;
+       FILE *error_fp;
 };
 
 struct nft_cache {

diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h
index 8e59f2b2a59ab95e40add077aa317ec1590733ad..1e9306822eb7e7d96f45a8f4c4ebab50b2552294 100644 (file)
--- a/include/nftables/nftables.h
+++ b/include/nftables/nftables.h
@@ -57,6 +57,8 @@ bool nft_ctx_output_get_echo(struct nft_ctx *ctx);
 void nft_ctx_output_set_echo(struct nft_ctx *ctx, bool val);
 
 FILE *nft_ctx_set_output(struct nft_ctx *ctx, FILE *fp);
+FILE *nft_ctx_set_error(struct nft_ctx *ctx, FILE *fp);
+
 int nft_ctx_add_include_path(struct nft_ctx *ctx, const char *path);
 void nft_ctx_clear_include_paths(struct nft_ctx *ctx);
 

diff --git a/src/erec.c b/src/erec.c
index 3e1b7fd108a7ef23720fca7afccb2ed186aa5be6..226c51f552267751d6b3161e19b030ff317ddcca 100644 (file)
--- a/src/erec.c
+++ b/src/erec.c
@@ -124,7 +124,7 @@ void erec_print(struct output_ctx *octx, const struct error_record *erec,
        unsigned int i, end;
        int l;
        off_t orig_offset = 0;
-       FILE *f = octx->output_fp;
+       FILE *f = octx->error_fp;
 
        if (!f)
                return;

diff --git a/src/libnftables.c b/src/libnftables.c
index 8bf989b08cc540d46f6e2733ed62f6be18af93af..d6622d51aba338705e2c91eb3d4a609d5f5eccaf 100644 (file)
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -169,6 +169,7 @@ struct nft_ctx *nft_ctx_new(uint32_t flags)
        init_list_head(&ctx->cache.list);
        ctx->flags = flags;
        ctx->output.output_fp = stdout;
+       ctx->output.error_fp = stderr;
 
        if (flags == NFT_CTX_DEFAULT)
                nft_ctx_netlink_init(ctx);
@@ -200,6 +201,18 @@ FILE *nft_ctx_set_output(struct nft_ctx *ctx, FILE *fp)
        return old;
 }
 
+FILE *nft_ctx_set_error(struct nft_ctx *ctx, FILE *fp)
+{
+       FILE *old = ctx->output.error_fp;
+
+       if (!fp || ferror(fp))
+               return NULL;
+
+       ctx->output.error_fp = fp;
+
+       return old;
+}
+
 bool nft_ctx_get_dry_run(struct nft_ctx *ctx)
 {
        return ctx->check;
@@ -282,7 +295,6 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, char *buf, size_t buflen)
        LIST_HEAD(msgs);
        size_t nlbuflen;
        void *scanner;
-       FILE *fp;
        char *nlbuf;
 
        nlbuflen = max(buflen + 1, strlen(buf) + 2);
@@ -297,9 +309,7 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, char *buf, size_t buflen)
        if (nft_run(nft, nft->nf_sock, scanner, &state, &msgs) != 0)
                rc = -1;
 
-       fp = nft_ctx_set_output(nft, stderr);
        erec_print_list(&nft->output, &msgs, nft->debug_mask);
-       nft_ctx_set_output(nft, fp);
        scanner_destroy(scanner);
        iface_cache_release();
        free(nlbuf);