Introduce the same embedded 'error' struct in nft_cmd and initialize it
with the current value from nft_handle. Then in preparation phase,
update nft_handle's error.lineno with the value from the current
nft_cmd.
This serves two purposes:
* Allocated batch objects (obj_update) get the right lineno value
instead of the COMMIT one.
* Any error during preparation may be reported with line number. Do this
and change the relevant fprintf() call to use nft_handle's lineno
instead of the global 'line' variable.
With this change, cryptic iptables-nft-restore error messages should
finally be gone:
| # iptables-nft-restore <<EOF
| *filter
| -A nonexist
| COMMIT
| EOF
| iptables-nft-restore: line 2 failed: No chain/target/match by that name.
Signed-off-by: Phil Sutter <phil@nwl.cc>
struct nft_cmd *cmd;
cmd = xtables_calloc(1, sizeof(struct nft_cmd));
+ cmd->error.lineno = h->error.lineno;
cmd->command = command;
cmd->table = xtables_strdup(table);
if (chain)
struct xt_counters counters;
const char *rename;
int counters_save;
+ struct {
+ unsigned int lineno;
+ } error;
};
struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
nft_cache_build(h);
list_for_each_entry_safe(cmd, next, &h->cmd_list, head) {
+ h->error.lineno = cmd->error.lineno;
+
switch (cmd->command) {
case NFT_COMPAT_TABLE_FLUSH:
ret = nft_table_flush(h, cmd->table);
return;
if (!ret) {
fprintf(stderr, "%s: line %u failed",
- xt_params->program_name, line);
+ xt_params->program_name, h->error.lineno);
if (errno)
fprintf(stderr, ": %s.", nft_strerror(errno));
fprintf(stderr, "\n");
projects / thirdparty / iptables.git / commitdiff
