* [PATCH 1/2] Removed duplicated code in netlink.c
@ 2014-06-10 14:54 Hendrik Schwartke
2014-06-10 14:54 ` [PATCH 2/2] Enhanced error message which is displayed if an error occured while creating a chain Hendrik Schwartke
2014-06-10 15:02 ` [PATCH 1/2] Removed duplicated code in netlink.c Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Hendrik Schwartke @ 2014-06-10 14:54 UTC (permalink / raw)
To: netfilter-devel; +Cc: Hendrik Schwartke
---
src/netlink.c | 614 ++++++++++++++++-----------------------------------------
1 file changed, 166 insertions(+), 448 deletions(-)
diff --git a/src/netlink.c b/src/netlink.c
index 2e7c572..1b174bd 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -473,179 +473,80 @@ void netlink_dump_chain(struct nft_chain *nlc)
#endif
}
-static int netlink_add_chain_compat(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc,
- const struct chain *chain, bool excl)
-{
- struct nft_chain *nlc;
- int err;
-
- nlc = alloc_nft_chain(h);
- if (chain != NULL && chain->flags & CHAIN_F_BASECHAIN) {
- nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM,
- chain->hooknum);
- nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO,
- chain->priority);
- nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TYPE,
- chain->type);
- }
- netlink_dump_chain(nlc);
- err = mnl_nft_chain_add(nf_sock, nlc, excl ? NLM_F_EXCL : 0);
- nft_chain_free(nlc);
-
- if (err < 0)
- netlink_io_error(ctx, loc, "Could not add chain: %s",
- strerror(errno));
- return err;
-}
-
-static int netlink_add_chain_batch(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc,
- const struct chain *chain, bool excl)
-{
- struct nft_chain *nlc;
- int err;
-
- nlc = alloc_nft_chain(h);
- if (chain != NULL && chain->flags & CHAIN_F_BASECHAIN) {
- nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM,
- chain->hooknum);
- nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO,
- chain->priority);
- nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TYPE,
- chain->type);
- }
- netlink_dump_chain(nlc);
- err = mnl_nft_chain_batch_add(nf_sock, nlc, excl ? NLM_F_EXCL : 0,
- ctx->seqnum);
- nft_chain_free(nlc);
-
- if (err < 0) {
- netlink_io_error(ctx, loc, "Could not add chain: %s",
- strerror(errno));
- }
- return err;
-}
-
int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc, const struct chain *chain,
bool excl)
{
- int ret;
-
- if (ctx->batch_supported)
- ret = netlink_add_chain_batch(ctx, h, loc, chain, excl);
- else
- ret = netlink_add_chain_compat(ctx, h, loc, chain, excl);
-
- return ret;
-}
-
-static int netlink_rename_chain_compat(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc,
- const char *name)
-{
- struct nft_chain *nlc;
- int err;
-
- nlc = alloc_nft_chain(h);
- nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, name);
- netlink_dump_chain(nlc);
- err = mnl_nft_chain_add(nf_sock, nlc, 0);
- nft_chain_free(nlc);
- if (err < 0)
- netlink_io_error(ctx, loc, "Could not rename chain: %s",
- strerror(errno));
- return err;
-}
-
-static int netlink_rename_chain_batch(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc,
- const char *name)
-{
- struct nft_chain *nlc;
- int err;
-
- nlc = alloc_nft_chain(h);
- nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, name);
- netlink_dump_chain(nlc);
- err = mnl_nft_chain_batch_add(nf_sock, nlc, 0, ctx->seqnum);
- nft_chain_free(nlc);
-
- if (err < 0) {
- netlink_io_error(ctx, loc, "Could not rename chain: %s",
- strerror(errno));
- }
- return err;
+ struct nft_chain *nlc;
+ int err;
+ unsigned int flags = excl ? NLM_F_EXCL : 0;
+
+ nlc = alloc_nft_chain(h);
+ if (chain != NULL && chain->flags & CHAIN_F_BASECHAIN) {
+ nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM,
+ chain->hooknum);
+ nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO,
+ chain->priority);
+ nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TYPE,
+ chain->type);
+ }
+ netlink_dump_chain(nlc);
+ if (ctx->batch_supported)
+ err = mnl_nft_chain_batch_add(nf_sock, nlc, flags,
+ ctx->seqnum);
+ else
+ err = mnl_nft_chain_add(nf_sock, nlc, flags);
+ nft_chain_free(nlc);
+
+ if (err < 0) {
+ netlink_io_error(ctx, loc, "Could not add chain: %s",
+ strerror(errno));
+ }
+ return err;
}
int netlink_rename_chain(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc, const char *name)
{
- int ret;
-
- if (ctx->batch_supported)
- ret = netlink_rename_chain_batch(ctx, h, loc, name);
- else
- ret = netlink_rename_chain_compat(ctx, h, loc, name);
-
- return ret;
-}
-
-static int netlink_del_chain_compat(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc)
-{
- struct nft_chain *nlc;
- int err;
-
- nlc = alloc_nft_chain(h);
- netlink_dump_chain(nlc);
- err = mnl_nft_chain_delete(nf_sock, nlc, 0);
- nft_chain_free(nlc);
-
- if (err < 0) {
- netlink_io_error(ctx, loc, "Could not delete chain: %s",
- strerror(errno));
- }
- return err;
-}
-
-static int netlink_del_chain_batch(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc)
-{
- struct nft_chain *nlc;
- int err;
+ struct nft_chain *nlc;
+ int err;
- nlc = alloc_nft_chain(h);
- netlink_dump_chain(nlc);
- err = mnl_nft_chain_batch_del(nf_sock, nlc, 0, ctx->seqnum);
- nft_chain_free(nlc);
+ nlc = alloc_nft_chain(h);
+ nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, name);
+ netlink_dump_chain(nlc);
+ if (ctx->batch_supported)
+ err = mnl_nft_chain_batch_add(nf_sock, nlc, 0, ctx->seqnum);
+ else
+ err = mnl_nft_chain_add(nf_sock, nlc, 0);
+ nft_chain_free(nlc);
- if (err < 0) {
- netlink_io_error(ctx, loc, "Could not delete chain: %s",
- strerror(errno));
- }
- return err;
+ if (err < 0)
+ netlink_io_error(ctx, loc, "Could not rename chain: %s",
+ strerror(errno));
+ return err;
}
int netlink_delete_chain(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc)
{
- int ret;
+ struct nft_chain *nlc;
+ int err;
- if (ctx->batch_supported)
- ret = netlink_del_chain_batch(ctx, h, loc);
- else
- ret = netlink_del_chain_compat(ctx, h, loc);
+ nlc = alloc_nft_chain(h);
+ netlink_dump_chain(nlc);
+ if (ctx->batch_supported)
+ err = mnl_nft_chain_batch_del(nf_sock, nlc, 0, ctx->seqnum);
+ else
+ err = mnl_nft_chain_delete(nf_sock, nlc, 0);
+
+ nft_chain_free(nlc);
- return ret;
+ if (err < 0) {
+ netlink_io_error(ctx, loc, "Could not delete chain: %s",
+ strerror(errno));
+ }
+ return err;
}
static struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
@@ -762,104 +663,45 @@ int netlink_flush_chain(struct netlink_ctx *ctx, const struct handle *h,
return netlink_del_rule_batch(ctx, h, loc);
}
-static int netlink_add_table_compat(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc,
- const struct table *table, bool excl)
-{
- struct nft_table *nlt;
- int err;
-
- nlt = alloc_nft_table(h);
- err = mnl_nft_table_add(nf_sock, nlt, excl ? NLM_F_EXCL : 0);
- nft_table_free(nlt);
-
- if (err < 0)
- netlink_io_error(ctx, loc, "Could not add table: %s",
- strerror(errno));
- return err;
-}
-
-static int netlink_add_table_batch(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc,
- const struct table *table, bool excl)
-{
- struct nft_table *nlt;
- int err;
-
- nlt = alloc_nft_table(h);
- err = mnl_nft_table_batch_add(nf_sock, nlt, excl ? NLM_F_EXCL : 0,
- ctx->seqnum);
- nft_table_free(nlt);
-
- if (err < 0) {
- netlink_io_error(ctx, loc, "Could not add table: %s",
- strerror(errno));
- }
- return err;
-}
-
int netlink_add_table(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc,
const struct table *table, bool excl)
{
- int ret;
+ struct nft_table *nlt;
+ int err;
+ unsigned int flags = excl ? NLM_F_EXCL : 0;
- if (ctx->batch_supported)
- ret = netlink_add_table_batch(ctx, h, loc, table, excl);
- else
- ret = netlink_add_table_compat(ctx, h, loc, table, excl);
+ nlt = alloc_nft_table(h);
+ if (ctx->batch_supported)
+ err = mnl_nft_table_batch_add(nf_sock, nlt, flags,
+ ctx->seqnum);
+ else
+ err = mnl_nft_table_add(nf_sock, nlt, flags);
+ nft_table_free(nlt);
- return ret;
-}
-
-static int netlink_del_table_compat(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc)
-{
- struct nft_table *nlt;
- int err;
-
- nlt = alloc_nft_table(h);
- err = mnl_nft_table_delete(nf_sock, nlt, 0);
- nft_table_free(nlt);
-
- if (err < 0)
- netlink_io_error(ctx, loc, "Could not delete table: %s",
- strerror(errno));
- return err;
-}
-
-static int netlink_del_table_batch(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc)
-{
- struct nft_table *nlt;
- int err;
-
- nlt = alloc_nft_table(h);
- err = mnl_nft_table_batch_del(nf_sock, nlt, 0, ctx->seqnum);
- nft_table_free(nlt);
-
- if (err < 0) {
- netlink_io_error(ctx, loc, "Could not delete table: %s",
- strerror(errno));
- }
- return err;
+ if (err < 0)
+ netlink_io_error(ctx, loc, "Could not add table: %s",
+ strerror(errno));
+ return err;
}
int netlink_delete_table(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc)
{
- int ret;
+ struct nft_table *nlt;
+ int err;
- if (ctx->batch_supported)
- ret = netlink_del_table_batch(ctx, h, loc);
- else
- ret = netlink_del_table_compat(ctx, h, loc);
+ nlt = alloc_nft_table(h);
+ if (ctx->batch_supported)
+ err = mnl_nft_table_batch_del(nf_sock, nlt, 0, ctx->seqnum);
+ else
+ err = mnl_nft_table_delete(nf_sock, nlt, 0);
+ nft_table_free(nlt);
- return ret;
+ if (err < 0)
+ netlink_io_error(ctx, loc, "Could not delete table: %s",
+ strerror(errno));
+ return err;
}
void netlink_dump_table(struct nft_table *nlt)
@@ -1030,131 +872,68 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
return set;
}
-static int netlink_add_set_compat(struct netlink_ctx *ctx,
- const struct handle *h, struct set *set)
-{
- struct nft_set *nls;
- int err;
-
- nls = alloc_nft_set(h);
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_FLAGS, set->flags);
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_TYPE,
- dtype_map_to_kernel(set->keytype));
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_LEN,
- set->keylen / BITS_PER_BYTE);
- if (set->flags & NFT_SET_MAP) {
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_TYPE,
- dtype_map_to_kernel(set->datatype));
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_LEN,
- set->datalen / BITS_PER_BYTE);
- }
- netlink_dump_set(nls);
-
- err = mnl_nft_set_add(nf_sock, nls, NLM_F_EXCL | NLM_F_ECHO);
- if (err < 0)
- netlink_io_error(ctx, &set->location, "Could not add set: %s",
- strerror(errno));
-
- set->handle.set =
- xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME));
- nft_set_free(nls);
-
- return err;
-}
-
-/* internal ID to uniquely identify a set in the batch */
-static uint32_t set_id;
-
-static int netlink_add_set_batch(struct netlink_ctx *ctx,
- const struct handle *h, struct set *set)
-{
- struct nft_set *nls;
- int err;
-
- nls = alloc_nft_set(h);
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_FLAGS, set->flags);
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_TYPE,
- dtype_map_to_kernel(set->keytype));
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_LEN,
- set->keylen / BITS_PER_BYTE);
- if (set->flags & NFT_SET_MAP) {
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_TYPE,
- dtype_map_to_kernel(set->datatype));
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_LEN,
- set->datalen / BITS_PER_BYTE);
- }
- set->handle.set_id = ++set_id;
- nft_set_attr_set_u32(nls, NFT_SET_ATTR_ID, set->handle.set_id);
- netlink_dump_set(nls);
-
- err = mnl_nft_set_batch_add(nf_sock, nls, NLM_F_EXCL, ctx->seqnum);
- if (err < 0) {
- netlink_io_error(ctx, &set->location, "Could not add set: %s",
- strerror(errno));
- }
- nft_set_free(nls);
-
- return err;
-}
-
int netlink_add_set(struct netlink_ctx *ctx, const struct handle *h,
struct set *set)
{
- int ret;
-
- if (ctx->batch_supported)
- ret = netlink_add_set_batch(ctx, h, set);
- else
- ret = netlink_add_set_compat(ctx, h, set);
-
- return ret;
-}
-
-static int netlink_del_set_compat(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc)
-{
- struct nft_set *nls;
- int err;
-
- nls = alloc_nft_set(h);
- err = mnl_nft_set_delete(nf_sock, nls, 0);
- nft_set_free(nls);
-
- if (err < 0)
- netlink_io_error(ctx, loc, "Could not delete set: %s",
- strerror(errno));
- return err;
-}
-
-static int netlink_del_set_batch(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct location *loc)
-{
- struct nft_set *nls;
- int err;
-
- nls = alloc_nft_set(h);
- err = mnl_nft_set_batch_del(nf_sock, nls, 0, ctx->seqnum);
- nft_set_free(nls);
-
- if (err < 0)
- netlink_io_error(ctx, loc, "Could not delete set: %s",
- strerror(errno));
- return err;
+ struct nft_set *nls;
+ int err;
+
+ nls = alloc_nft_set(h);
+ nft_set_attr_set_u32(nls, NFT_SET_ATTR_FLAGS, set->flags);
+ nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_TYPE,
+ dtype_map_to_kernel(set->keytype));
+ nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_LEN,
+ set->keylen / BITS_PER_BYTE);
+ if (set->flags & NFT_SET_MAP) {
+ nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_TYPE,
+ dtype_map_to_kernel(set->datatype));
+ nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_LEN,
+ set->datalen / BITS_PER_BYTE);
+ }
+
+ if (ctx->batch_supported) {
+ /* internal ID to uniquely identify a set in the batch */
+ static uint32_t set_id = 0;
+
+ set->handle.set_id = ++set_id;
+ nft_set_attr_set_u32(nls, NFT_SET_ATTR_ID, set->handle.set_id);
+ netlink_dump_set(nls);
+ err = mnl_nft_set_batch_add(nf_sock, nls, NLM_F_EXCL,
+ ctx->seqnum);
+ } else {
+ netlink_dump_set(nls);
+ err = mnl_nft_set_add(nf_sock, nls, NLM_F_EXCL | NLM_F_ECHO);
+ set->handle.set =
+ xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME));
+ }
+
+ if (err < 0) {
+ netlink_io_error(ctx, &set->location, "Could not add set: %s",
+ strerror(errno));
+ }
+ nft_set_free(nls);
+
+ return err;
}
int netlink_delete_set(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc)
{
- int ret;
- if (ctx->batch_supported)
- ret = netlink_del_set_batch(ctx, h, loc);
- else
- ret = netlink_del_set_compat(ctx, h, loc);
+ struct nft_set *nls;
+ int err;
- return ret;
+ nls = alloc_nft_set(h);
+ if (ctx->batch_supported)
+ err = mnl_nft_set_batch_del(nf_sock, nls, 0, ctx->seqnum);
+ else
+ err = mnl_nft_set_delete(nf_sock, nls, 0);
+ nft_set_free(nls);
+
+ if (err < 0)
+ netlink_io_error(ctx, loc, "Could not delete set: %s",
+ strerror(errno));
+ return err;
}
static int list_set_cb(struct nft_set *nls, void *arg)
@@ -1217,97 +996,27 @@ static void alloc_setelem_cache(const struct expr *set, struct nft_set *nls)
}
}
-static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct expr *expr)
-{
- struct nft_set *nls;
- int err;
-
- nls = alloc_nft_set(h);
- alloc_setelem_cache(expr, nls);
- netlink_dump_set(nls);
-
- err = mnl_nft_setelem_batch_add(nf_sock, nls, 0, ctx->seqnum);
- nft_set_free(nls);
- if (err < 0)
- netlink_io_error(ctx, &expr->location,
- "Could not add set elements: %s",
- strerror(errno));
- return err;
-}
-
-static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct expr *expr)
-{
- struct nft_set *nls;
- int err;
-
- nls = alloc_nft_set(h);
- alloc_setelem_cache(expr, nls);
- netlink_dump_set(nls);
-
- err = mnl_nft_setelem_add(nf_sock, nls, 0);
- nft_set_free(nls);
- if (err < 0)
- netlink_io_error(ctx, &expr->location,
- "Could not add set elements: %s",
- strerror(errno));
- return err;
-}
-
int netlink_add_setelems(struct netlink_ctx *ctx, const struct handle *h,
const struct expr *expr)
{
- int ret;
+ struct nft_set *nls;
+ int err;
- if (ctx->batch_supported)
- ret = netlink_add_setelems_batch(ctx, h, expr);
- else
- ret = netlink_add_setelems_compat(ctx, h, expr);
+ nls = alloc_nft_set(h);
+ alloc_setelem_cache(expr, nls);
+ netlink_dump_set(nls);
- return ret;
-}
-
-static int netlink_del_setelems_batch(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct expr *expr)
-{
- struct nft_set *nls;
- int err;
-
- nls = alloc_nft_set(h);
- alloc_setelem_cache(expr, nls);
- netlink_dump_set(nls);
-
- err = mnl_nft_setelem_batch_del(nf_sock, nls, 0, ctx->seqnum);
- nft_set_free(nls);
- if (err < 0)
- netlink_io_error(ctx, &expr->location,
- "Could not delete set elements: %s",
- strerror(errno));
- return err;
-}
-
-static int netlink_del_setelems_compat(struct netlink_ctx *ctx,
- const struct handle *h,
- const struct expr *expr)
-{
- struct nft_set *nls;
- int err;
-
- nls = alloc_nft_set(h);
- alloc_setelem_cache(expr, nls);
- netlink_dump_set(nls);
-
- err = mnl_nft_setelem_delete(nf_sock, nls, 0);
- nft_set_free(nls);
- if (err < 0)
- netlink_io_error(ctx, &expr->location,
- "Could not delete set elements: %s",
- strerror(errno));
- return err;
+ if (ctx->batch_supported)
+ err = mnl_nft_setelem_batch_add(nf_sock, nls, 0,
+ ctx->seqnum);
+ else
+ err = mnl_nft_setelem_add(nf_sock, nls, 0);
+ nft_set_free(nls);
+ if (err < 0)
+ netlink_io_error(ctx, &expr->location,
+ "Could not add set elements: %s",
+ strerror(errno));
+ return err;
}
static int netlink_delinearize_setelem(struct nft_set_elem *nlse,
@@ -1360,14 +1069,23 @@ out:
int netlink_delete_setelems(struct netlink_ctx *ctx, const struct handle *h,
const struct expr *expr)
{
- int ret;
-
- if (ctx->batch_supported)
- ret = netlink_del_setelems_batch(ctx, h, expr);
- else
- ret = netlink_del_setelems_compat(ctx, h, expr);
-
- return ret;
+ struct nft_set *nls;
+ int err;
+
+ nls = alloc_nft_set(h);
+ alloc_setelem_cache(expr, nls);
+ netlink_dump_set(nls);
+
+ if (ctx->batch_supported)
+ err = mnl_nft_setelem_batch_del(nf_sock, nls, 0, ctx->seqnum);
+ else
+ err = mnl_nft_setelem_delete(nf_sock, nls, 0);
+ nft_set_free(nls);
+ if (err < 0)
+ netlink_io_error(ctx, &expr->location,
+ "Could not delete set elements: %s",
+ strerror(errno));
+ return err;
}
static int list_setelem_cb(struct nft_set_elem *nlse, void *arg)
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] Enhanced error message which is displayed if an error occured while creating a chain.
2014-06-10 14:54 [PATCH 1/2] Removed duplicated code in netlink.c Hendrik Schwartke
@ 2014-06-10 14:54 ` Hendrik Schwartke
2014-06-10 15:06 ` Pablo Neira Ayuso
2014-06-10 15:02 ` [PATCH 1/2] Removed duplicated code in netlink.c Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Hendrik Schwartke @ 2014-06-10 14:54 UTC (permalink / raw)
To: netfilter-devel; +Cc: Hendrik Schwartke
Creating a base chain which depends on unsupported kernel features
(e.g. creating a chain with a nat hook without loading the nat
kernel module) results in a confusing error message.
This patch added a meaningful hint.
---
src/netlink.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/netlink.c b/src/netlink.c
index 1b174bd..d4a71b8 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -480,10 +480,11 @@ int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
struct nft_chain *nlc;
int err;
+ int is_basechain = chain != NULL && chain->flags & CHAIN_F_BASECHAIN;
unsigned int flags = excl ? NLM_F_EXCL : 0;
nlc = alloc_nft_chain(h);
- if (chain != NULL && chain->flags & CHAIN_F_BASECHAIN) {
+ if (is_basechain) {
nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM,
chain->hooknum);
nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO,
@@ -500,8 +501,13 @@ int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
nft_chain_free(nlc);
if (err < 0) {
- netlink_io_error(ctx, loc, "Could not add chain: %s",
- strerror(errno));
+ const char *expl="";
+ if(is_basechain && errno==ENOENT)
+ expl=" - perhaps some kernel modules are not"
+ " loaded or the kernel doesn't include"
+ " necessary features.";
+ netlink_io_error(ctx, loc, "Could not add chain: %s%s",
+ strerror(errno), expl);
}
return err;
}
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] Removed duplicated code in netlink.c
2014-06-10 14:54 [PATCH 1/2] Removed duplicated code in netlink.c Hendrik Schwartke
2014-06-10 14:54 ` [PATCH 2/2] Enhanced error message which is displayed if an error occured while creating a chain Hendrik Schwartke
@ 2014-06-10 15:02 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2014-06-10 15:02 UTC (permalink / raw)
To: Hendrik Schwartke; +Cc: netfilter-devel
On Tue, Jun 10, 2014 at 04:54:46PM +0200, Hendrik Schwartke wrote:
> - return err;
> + struct nft_chain *nlc;
^^^^^^^^
Please, fix coding style and resend. This needs to follow Linux kernel
8-chars tab indent. Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] Enhanced error message which is displayed if an error occured while creating a chain.
2014-06-10 14:54 ` [PATCH 2/2] Enhanced error message which is displayed if an error occured while creating a chain Hendrik Schwartke
@ 2014-06-10 15:06 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2014-06-10 15:06 UTC (permalink / raw)
To: Hendrik Schwartke; +Cc: netfilter-devel
On Tue, Jun 10, 2014 at 04:54:47PM +0200, Hendrik Schwartke wrote:
> Creating a base chain which depends on unsupported kernel features
> (e.g. creating a chain with a nat hook without loading the nat
> kernel module) results in a confusing error message.
> This patch added a meaningful hint.
>
> @@ -500,8 +501,13 @@ int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
> nft_chain_free(nlc);
>
> if (err < 0) {
> - netlink_io_error(ctx, loc, "Could not add chain: %s",
> - strerror(errno));
> + const char *expl="";
> + if(is_basechain && errno==ENOENT)
> + expl=" - perhaps some kernel modules are not"
> + " loaded or the kernel doesn't include"
> + " necessary features.";
I prefer to add this in the FAQ section in the nftables HOWTO [1] to
troubleshooting. I can create an account for you, so you can edit that
yourself.
[1] http://wiki.nftables.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-06-10 15:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-10 14:54 [PATCH 1/2] Removed duplicated code in netlink.c Hendrik Schwartke
2014-06-10 14:54 ` [PATCH 2/2] Enhanced error message which is displayed if an error occured while creating a chain Hendrik Schwartke
2014-06-10 15:06 ` Pablo Neira Ayuso
2014-06-10 15:02 ` [PATCH 1/2] Removed duplicated code in netlink.c Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).