Message ID | 1469008704-22989-1-git-send-email-fw@strlen.de |
---|---|
State | Changes Requested |
Delegated to: | Pablo Neira |
On Wed, Jul 20, 2016 at 11:58:24AM +0200, Florian Westphal wrote:
> Pablo suggested to print full config file path for connlabel.conf
> parsing errors.
>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> Pablo,
>
> I could also add the suggested nfct_labels_get_path() to lnf_conntrack
> but that means next iptables-release depends on a new library version.
> Given this name is set in stone anyway I would prefer this patch instead.
>
> Let me know, thanks.
> I will send a separate patch to change nftables location.

We'll have a release of iptables 1.6.1 soon. Pablo Bermudo is working
on making sure that the interaction between nftables and
iptables-compat is fine.

And libnetfilter_conntrack is coming with IPv6 NAT support.

So I can schedule a release before end of this week / beginning next
weekend with accumulated updates so this comes in the next release.

Thanks for working on this!

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> And libnetfilter_conntrack is coming with IPv6 NAT support.

Ah, I forgot about this.

> So I can schedule a release before end of this week / beginning next
> weekend with accumulated updates so this comes in the next release.

Ok, I will send a patch for lnf-conntrack and iptables later today.
diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c index 7e4ff26..728f6ac 100644 --- a/extensions/libxt_connlabel.c +++ b/extensions/libxt_connlabel.c @@ -34,6 +34,8 @@ static const struct xt_option_entry connlabel_mt_opts[] = { */ static void connlabel_open(void) { + static const char fname[]="/etc/xtables/connlabel.conf"; + if (map) return; @@ -43,10 +45,10 @@ static void connlabel_open(void) if (errno) { xtables_error(RESOURCE_PROBLEM, - "cannot open connlabel.conf: %s", strerror(errno)); + "cannot open %s: %s", fname, strerror(errno)); } else { xtables_error(RESOURCE_PROBLEM, - "cannot parse label, maybe valid label map is empty"); + "cannot parse %s: no labels found", fname); } }
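Review bot: in the first hunk of connlabel_open(), fname is a second copy of the config path and nothing in the visible lines ties it to the file that is actually opened, so the error text can name a file the code never touched if the two ever diverge. Pass fname to the open call, or take the path from the library as the nfct_labels_get_path() idea in the cover note would, so the message and the lookup share one source. Style: put spaces around the assignment, `fname[] = "/etc/xtables/connlabel.conf";`.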
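Review bot: in the second hunk, the choice between "cannot open %s: %s" and "cannot parse %s: no labels found" rests on errno alone, and the visible lines do not show errno being cleared before the call that failed. A stale nonzero errno left by earlier code would report an empty or unparsable label file as an open failure with an unrelated strerror() text. Set errno = 0 immediately before the call whose failure is being reported, if that is not already done in the lines between the two hunks.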
Pablo suggested to print full config file path for connlabel.conf
parsing errors.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
Pablo,

I could also add the suggested nfct_labels_get_path() to lnf_conntrack
but that means next iptables-release depends on a new library version.
Given this name is set in stone anyway I would prefer this patch instead.

Let me know, thanks.
I will send a separate patch to change nftables location.