raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-06 10:00:17 +00:00
Code Issues Projects Releases Wiki Activity

netfilter: nf_tables: missing error reporting for not selected expressions

Browse Source 
commit c781471d67 upstream.

Sometimes users forget to turn on nftables extensions from Kconfig that
they need. In such case, the error reporting from userspace is
misleading:

 $ sudo nft add rule x y counter
 Error: Could not process rule: No such file or directory
 add rule x y counter
 ^^^^^^^^^^^^^^^^^^^^

Add missing NL_SET_BAD_ATTR() to provide a hint:

 $ nft add rule x y counter
 Error: Could not process rule: No such file or directory
 add rule x y counter
              ^^^^^^^

Fixes: 83d9dcba06 ("netfilter: nf_tables: extended netlink error reporting for expressions")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Pablo Neira Ayuso
2021-05-19 13:32:20 +02:00
committed by Greg Kroah-Hartman
parent eddf2d9f76
commit 316de9a88c
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
net/netfilter/nf_tables_api.c
View File

@@ -3263,8 +3263,10 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
if (n == NFT_RULE_MAXEXPRS) if (n == NFT_RULE_MAXEXPRS)
goto err1; goto err1;
err = nf_tables_expr_parse(&ctx, tmp, &info[n]); err = nf_tables_expr_parse(&ctx, tmp, &info[n]);
if (err < 0) if (err < 0) {
NL_SET_BAD_ATTR(extack, tmp);
goto err1; goto err1;
}
size += info[n].ops->size; size += info[n].ops->size;
n++; n++;
} }