If a line causes zero 'ret' value and errno is set, call nft_strerror() for a more detailed error message. While not perfect, it helps with debugging ominous "line NN failed" messages pointing at COMMIT: | # iptables-nft-restore <<EOF | *filter | -A nonexist | COMMIT | EOF | iptables-nft-restore: line 3 failed: No chain/target/match by that name. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/xtables-restore.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index 1363f96ae0eb9..052a80c2b9586 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -249,8 +249,11 @@ static void xtables_restore_parse_line(struct nft_handle *h, (strcmp(p->tablename, state->curtable->name) != 0)) return; if (!ret) { - fprintf(stderr, "%s: line %u failed\n", + fprintf(stderr, "%s: line %u failed", xt_params->program_name, line); + if (errno) + fprintf(stderr, ": %s.", nft_strerror(errno)); + fprintf(stderr, "\n"); exit(1); } } -- 2.34.1
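Review bot: in the `if (!ret)` branch, errno is read only after the first fprintf() has already run, and fprintf() may itself modify errno, so the string returned by nft_strerror() is not guaranteed to describe the failure that made ret zero. Save the value on entry to the branch, e.g. `int err = errno;`, then test and print `err` instead of errno. The visible context also does not show errno being cleared before the operation that produces ret, so a stale value left by an earlier, unrelated call could be reported for this line. Setting errno to 0 before that operation would make the `if (errno)` test reliable.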