Introduce the same embedded 'error' struct in nft_cmd and initialize it with the current value from nft_handle. Then in preparation phase, update nft_handle's error.lineno with the value from the current nft_cmd. This serves two purposes: * Allocated batch objects (obj_update) get the right lineno value instead of the COMMIT one. * Any error during preparation may be reported with line number. Do this and change the relevant fprintf() call to use nft_handle's lineno instead of the global 'line' variable. With this change, cryptic iptables-nft-restore error messages should finally be gone: | # iptables-nft-restore <<EOF | *filter | -A nonexist | COMMIT | EOF | iptables-nft-restore: line 2 failed: No chain/target/match by that name. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft-cmd.c | 1 + iptables/nft-cmd.h | 3 +++ iptables/nft.c | 2 ++ iptables/xtables-restore.c | 2 +- 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index fcd01bd02831c..f16ea0e6eaf8b 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -24,6 +24,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command, struct nft_cmd *cmd; cmd = xtables_calloc(1, sizeof(struct nft_cmd)); + cmd->error.lineno = h->error.lineno; cmd->command = command; cmd->table = xtables_strdup(table); if (chain) diff --git a/iptables/nft-cmd.h b/iptables/nft-cmd.h index b5a99ef74ad9c..c0f8463657cdd 100644 --- a/iptables/nft-cmd.h +++ b/iptables/nft-cmd.h @@ -24,6 +24,9 @@ struct nft_cmd { struct xt_counters counters; const char *rename; int counters_save; + struct { + unsigned int lineno; + } error; }; struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command, diff --git a/iptables/nft.c b/iptables/nft.c index ee003511ab7f3..fd55250697916 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -3360,6 +3360,8 @@ static int nft_prepare(struct nft_handle *h) nft_cache_build(h); list_for_each_entry_safe(cmd, next, &h->cmd_list, head) { + h->error.lineno = cmd->error.lineno; + switch (cmd->command) { case NFT_COMPAT_TABLE_FLUSH: ret = nft_table_flush(h, cmd->table); diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index 052a80c2b9586..c9d4ffbf8405d 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -250,7 +250,7 @@ static void xtables_restore_parse_line(struct nft_handle *h, return; if (!ret) { fprintf(stderr, "%s: line %u failed", - xt_params->program_name, line); + xt_params->program_name, h->error.lineno); if (errno) fprintf(stderr, ": %s.", nft_strerror(errno)); fprintf(stderr, "\n"); -- 2.34.1