diff mbox

[2/2] Enhanced error message which is displayed if an error occured while creating a chain.

Message ID 1402412087-9825-2-git-send-email-hendrik@os-t.de
State Not Applicable
Headers show

Commit Message

Hendrik Schwartke June 10, 2014, 2:54 p.m. UTC 
Creating a base chain which depends on unsupported kernel features
(e.g. creating a chain with a nat hook without loading the nat
kernel module) results in a confusing error message.
This patch added a meaningful hint.
---
 src/netlink.c |   12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

Comments

Pablo Neira Ayuso June 10, 2014, 3:06 p.m. UTC | #1 
On Tue, Jun 10, 2014 at 04:54:47PM +0200, Hendrik Schwartke wrote:
> Creating a base chain which depends on unsupported kernel features
> (e.g. creating a chain with a nat hook without loading the nat
> kernel module) results in a confusing error message.
> This patch added a meaningful hint.
>
> @@ -500,8 +501,13 @@ int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
>          nft_chain_free(nlc);
>  
>          if (err < 0) {
> -                netlink_io_error(ctx, loc, "Could not add chain: %s",
> -                                 strerror(errno));
> +                const char *expl="";
> +                if(is_basechain && errno==ENOENT)
> +                        expl=" - perhaps some kernel modules are not"
> +                             " loaded or the kernel doesn't include"
> +                             " necessary features.";

I prefer to add this in the FAQ section in the nftables HOWTO [1] to
troubleshooting. I can create an account for you, so you can edit that
yourself.

[1] http://wiki.nftables.org/
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/src/netlink.c b/src/netlink.c
index 1b174bd..d4a71b8 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -480,10 +480,11 @@  int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
 
         struct nft_chain *nlc;
         int err;
+        int is_basechain = chain != NULL && chain->flags & CHAIN_F_BASECHAIN;
         unsigned int flags = excl ? NLM_F_EXCL : 0;
 
         nlc = alloc_nft_chain(h);
-        if (chain != NULL && chain->flags & CHAIN_F_BASECHAIN) {
+        if (is_basechain) {
                 nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM,
                                        chain->hooknum);
                 nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO,
@@ -500,8 +501,13 @@  int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
         nft_chain_free(nlc);
 
         if (err < 0) {
-                netlink_io_error(ctx, loc, "Could not add chain: %s",
-                                 strerror(errno));
+                const char *expl="";
+                if(is_basechain && errno==ENOENT)
+                        expl=" - perhaps some kernel modules are not"
+                             " loaded or the kernel doesn't include"
+                             " necessary features.";
+                netlink_io_error(ctx, loc, "Could not add chain: %s%s",
+                                 strerror(errno), expl);
         }
         return err;
 }