git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 17 Feb 2020 21:38:13 +0000 (22:38 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 19 Feb 2020 14:17:11 +0000 (15:17 +0100)
commit	f8aec603aa7e9dad1316079d42c7efcc52b773fa
tree	2c2f9c1c601610464431683c6d90ca0e8af27d2b	tree \| snapshot
parent	9491f1a8eecf1c023ebe3a30b1e92e44a4a39a05	commit \| diff

src: initial extended netlink error reporting

This patch correlates the in-kernel extended netlink error offset and
the location information.

Assuming 'foo' table does not exist, then error reporting shows:

# nft delete table foo
Error: Could not process rule: No such file or directory
delete table foo
              ^^^

Similarly, if table uniquely identified by handle '1234' does not exist,
then error reporting shows:

# nft delete table handle 1234
Error: Could not process rule: No such file or directory
delete table handle 1234
                     ^^^^

Assuming 'bar' chain does not exists in the kernel, while 'foo' does:

# nft delete chain foo bar
Error: Could not process rule: No such file or directory
delete chain foo bar
                  ^^^

This also gives us a hint when adding rules:

# nft add rule ip foo bar counter
Error: Could not process rule: No such file or directory
add rule ip foo bar counter
             ^^^

This is based on ("src: basic support for extended netlink errors") from
Florian Westphal, posted in 2018, with no netlink offset correlation
support.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/cmd.h	[new file with mode: 0644]	blob
include/mnl.h		diff \| blob \| blame \| history
include/netlink.h		diff \| blob \| blame \| history
include/rule.h		diff \| blob \| blame \| history
src/Makefile.am		diff \| blob \| blame \| history
src/libnftables.c		diff \| blob \| blame \| history
src/mnl.c		diff \| blob \| blame \| history
src/monitor.c		diff \| blob \| blame \| history
src/rule.c		diff \| blob \| blame \| history