| Message ID | 20180523213024.24468-1-fw@strlen.de |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [nft] src: netlink_delinarize: don't stop when encountering unsupported expression | expand |
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 8f4035a291f4..9db609617177 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1337,7 +1337,7 @@ static int netlink_parse_expr(const struct nftnl_expr *nle, } netlink_error(ctx, &loc, "unknown expression type '%s'", type); - return -1; + return 0; } static int netlink_parse_rule_expr(struct nftnl_expr *nle, void *arg)
The error message is still shown, but try to make sense of further expressions (if any). I tried to replace the expression by a textual representation. Two variants I tested are: 1. append as comment: ip saddr 127.0.0.2 drop comment "unknown expression 'foo'" This allows nft -f, but it adds/alters a comment. 2. substitute in-place (i.e., add a constant expression with the error message instead of 'unkown' message: unknown expression "foo" ip saddr 127.0.0.2 drop This won't allow 'nft -f' however. I'm not sure this is a problem, in any case we lose information if we can't find an expression (e.g. added by newer version). Signed-off-by: Florian Westphal <fw@strlen.de> --- src/netlink_delinearize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)