Hi Pablo, On Thu, Nov 16, 2017 at 02:33:32PM +0100, Pablo Neira Ayuso wrote: > On Mon, Nov 13, 2017 at 03:08:16PM +0100, Phil Sutter wrote: > > Apart from SUCCESS/FAILURE, these codes were not used by library > > functions simply because NOMEM and NONL conditions lead to calling > > exit() instead of propagating the error condition back up the call > > stack. > > > > Instead, make nft_run_cmd_from_*() return either 0 or -1 on error. > > Usually errno will then contain more details about what happened and/or > > there are messages in erec. > > > > Calls to exit()/return in main() are adjusted to stay compatible. > > Also applied, thanks. > > BTW, I think you mentioned you planned to change all > memory_allocation_error() to pass up the error to the client > application. > > Let me know, if you don't have time for this, no worries if too busy. I looked into it once, but didn't pursue much further. This requires some effort, since code everywhere just assumes (e.g.) memory allocation to succeed so there is no error path at all in many places. OTOH, I wasn't sure whether adding this is feasible at all - if memory allocation fails, we're usually in big trouble and error propagation might not work anymore as well (e.g. allocation of erec items). Sure, bugs like 'malloc(-1)' would be handled properly, of course. Not sure about netlink errors: Ideally, the library would check this early (e.g. during context allocation), but of course syscalls like socket() could still fail later. Cheers, Phil -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html