@@ -928,6 +928,7 @@
On success, nftables exits with a status of 0. Unspecified
errors cause it to exit with a status of 1, memory allocation
errors with a status of 2.
+ If unable to open Netlink socket, the return code is 3.
</para>
</refsect1>
@@ -138,6 +138,7 @@ extern void netlink_dump_set(struct nft_set *nls);
extern int netlink_batch_send(struct list_head *err_list);
extern int netlink_io_error(struct netlink_ctx *ctx,
const struct location *loc, const char *fmt, ...);
+extern void netlink_open_error(void) __noreturn;
extern struct nft_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx,
const struct handle *h,
@@ -39,6 +39,7 @@ enum nftables_exit_codes {
NFT_EXIT_SUCCESS = 0,
NFT_EXIT_FAILURE = 1,
NFT_EXIT_NOMEM = 2,
+ NFT_EXIT_NONL = 3,
};
struct input_descriptor;
@@ -15,6 +15,7 @@
#include <libmnl/libmnl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <stdlib.h>
#include <libnftnl/table.h>
#include <libnftnl/chain.h>
@@ -46,7 +47,7 @@ static void __init netlink_open_sock(void)
{
nf_sock = mnl_socket_open(NETLINK_NETFILTER);
if (nf_sock == NULL)
- memory_allocation_error();
+ netlink_open_error();
fcntl(mnl_socket_get_fd(nf_sock), F_SETFL, O_NONBLOCK);
mnl_batch_init();
@@ -73,6 +74,13 @@ int netlink_io_error(struct netlink_ctx *ctx, const struct location *loc,
return -1;
}
+void __noreturn netlink_open_error(void)
+{
+ fprintf(stderr, "E: Unable to open Netlink socket: %s\n",
+ strerror(errno));
+ exit(NFT_EXIT_NONL);
+}
+
struct nft_table *alloc_nft_table(const struct handle *h)
{
struct nft_table *nlt;
This patch adds a simple helper function to report errors while opening the Netlink socket. To help users to diagnose problems, a new NFT_EXIT_NONL exit code is included, which is 3. Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> --- doc/nftables.xml | 1 + include/netlink.h | 1 + include/nftables.h | 1 + src/netlink.c | 10 +++++++++- 4 files changed, 12 insertions(+), 1 deletion(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html