The error message is still shown, but try to make sense of further expressions (if any). I tried to replace the expression by a textual representation. Two variants I tested are: 1. append as comment: ip saddr 127.0.0.2 drop comment "unknown expression 'foo'" This allows nft -f, but it adds/alters a comment. 2. substitute in-place (i.e., add a constant expression with the error message instead of 'unkown' message: unknown expression "foo" ip saddr 127.0.0.2 drop This won't allow 'nft -f' however. I'm not sure this is a problem, in any case we lose information if we can't find an expression (e.g. added by newer version). Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- src/netlink_delinearize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 8f4035a291f4..9db609617177 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1337,7 +1337,7 @@ static int netlink_parse_expr(const struct nftnl_expr *nle, } netlink_error(ctx, &loc, "unknown expression type '%s'", type); - return -1; + return 0; } static int netlink_parse_rule_expr(struct nftnl_expr *nle, void *arg) -- 2.16.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
