[iptables PATCH] nft: Expand extended error reporting to nft_cmd, too

Introduce the same embedded 'error' struct in nft_cmd and initialize it
with the current value from nft_handle. Then in preparation phase,
update nft_handle's error.lineno with the value from the current
nft_cmd.

This serves two purposes:

* Allocated batch objects (obj_update) get the right lineno value
  instead of the COMMIT one.

* Any error during preparation may be reported with line number. Do this
  and change the relevant fprintf() call to use nft_handle's lineno
  instead of the global 'line' variable.

With this change, cryptic iptables-nft-restore error messages should
finally be gone:

| # iptables-nft-restore <<EOF
| *filter
| -A nonexist
| COMMIT
| EOF
| iptables-nft-restore: line 2 failed: No chain/target/match by that name.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-cmd.c         | 1 +
 iptables/nft-cmd.h         | 3 +++
 iptables/nft.c             | 2 ++
 iptables/xtables-restore.c | 2 +-
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index fcd01bd02831c..f16ea0e6eaf8b 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -24,6 +24,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
 	struct nft_cmd *cmd;
 
 	cmd = xtables_calloc(1, sizeof(struct nft_cmd));
+	cmd->error.lineno = h->error.lineno;
 	cmd->command = command;
 	cmd->table = xtables_strdup(table);
 	if (chain)
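Review bot: The snapshot taken in nft_cmd_new() by `cmd->error.lineno = h->error.lineno;` is only correct if the caller has already set h->error.lineno to the line being parsed before the command is created, and nothing in this hunk documents that ordering. A short comment above the assignment stating that it records the input line which produced the command would make the dependency explicit for callers that build commands outside the restore parser.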
diff --git a/iptables/nft-cmd.h b/iptables/nft-cmd.h
index b5a99ef74ad9c..c0f8463657cdd 100644
--- a/iptables/nft-cmd.h
+++ b/iptables/nft-cmd.h
@@ -24,6 +24,9 @@ struct nft_cmd {
 	struct xt_counters		counters;
 	const char			*rename;
 	int				counters_save;
+	struct {
+		unsigned int		lineno;
+	} error;
 };
 
 struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
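Review bot: The new anonymous `struct { unsigned int lineno; } error;` member in struct nft_cmd is, per the commit message, meant to be the same struct as the one embedded in nft_handle, but as two separate anonymous definitions they can drift apart if one gains a field later. Consider a single named type shared by both structs, and add a comment on the member saying which line it refers to (the restore input line that created the command).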
diff --git a/iptables/nft.c b/iptables/nft.c
index ee003511ab7f3..fd55250697916 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3360,6 +3360,8 @@ static int nft_prepare(struct nft_handle *h)
 	nft_cache_build(h);
 
 	list_for_each_entry_safe(cmd, next, &h->cmd_list, head) {
+		h->error.lineno = cmd->error.lineno;
+
 		switch (cmd->command) {
 		case NFT_COMPAT_TABLE_FLUSH:
 			ret = nft_table_flush(h, cmd->table);
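Review bot: In the nft_prepare() loop, `h->error.lineno = cmd->error.lineno;` overwrites the handle's value on every iteration and the visible lines do not restore it afterwards. When the loop finishes without error, h->error.lineno is left at the last command's line rather than the value it had on entry, so any later error reported through the handle would name the wrong line. Consider saving the value before the loop and restoring it once preparation has succeeded, keeping the per-command value only on the failure path.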
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 052a80c2b9586..c9d4ffbf8405d 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -250,7 +250,7 @@ static void xtables_restore_parse_line(struct nft_handle *h,
 		return;
 	if (!ret) {
 		fprintf(stderr, "%s: line %u failed",
-				xt_params->program_name, line);
+				xt_params->program_name, h->error.lineno);
 		if (errno)
 			fprintf(stderr,	": %s.", nft_strerror(errno));
 		fprintf(stderr, "\n");
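Review bot: The switch from `line` to `h->error.lineno` in this fprintf() changes user-visible output, yet the diffstat touches no test. The commit message already contains a ready-made case (the `-A nonexist` restore input expected to fail with "line 2 failed"), so a shell testcase asserting that message would guard the new behaviour. It is also worth confirming that every path reaching this `if (!ret)` branch has h->error.lineno in step with `line`, since the two are now separate sources for the same number.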
-- 
2.34.1