Creating a base chain which depends on unsupported kernel features
(e.g. creating a chain with a nat hook without loading the nat
kernel module) results in a confusing error message.
This patch added a meaningful hint.
---
src/netlink.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/netlink.c b/src/netlink.c
index 1b174bd..d4a71b8 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -480,10 +480,11 @@ int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
struct nft_chain *nlc;
int err;
+ int is_basechain = chain != NULL && chain->flags & CHAIN_F_BASECHAIN;
unsigned int flags = excl ? NLM_F_EXCL : 0;
nlc = alloc_nft_chain(h);
- if (chain != NULL && chain->flags & CHAIN_F_BASECHAIN) {
+ if (is_basechain) {
nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM,
chain->hooknum);
nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO,
@@ -500,8 +501,13 @@ int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
nft_chain_free(nlc);
if (err < 0) {
- netlink_io_error(ctx, loc, "Could not add chain: %s",
- strerror(errno));
+ const char *expl="";
+ if(is_basechain && errno==ENOENT)
+ expl=" - perhaps some kernel modules are not"
+ " loaded or the kernel doesn't include"
+ " necessary features.";
+ netlink_io_error(ctx, loc, "Could not add chain: %s%s",
+ strerror(errno), expl);
}
return err;
}
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
