From b833a39198d0d0dfaf780280cf700b1a046e42b5 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Tue, 16 Dec 2025 11:07:04 -0400
Subject: [PATCH] MT#55283 print readable msg for netlink errors
closes #2039
Change-Id: If6c16d29482f16ed57b9059f3c13b23520b74cab
---
 daemon/nftables.c | 80 ++++++++++++++++++++++++++-------------------
 lib/netfilter_api.c | 4 +++
 lib/netfilter_api.h | 1 +
 3 files changed, 52 insertions(+), 33 deletions(-)
diff --git a/daemon/nftables.c b/daemon/nftables.c
index c54236eae..754e4bb10 100644
--- a/daemon/nftables.c
+++ b/daemon/nftables.c
@@ -173,13 +173,15 @@ static char *iterate_rules(nfapi_socket *nl, int family, const char *chain,
 nfapi_add_str_attr(b, NFTA_RULE_CHAIN, chain, "chain '%s'", chain);
 if (!nfapi_send_buf(nl, b))
- return g_strdup_printf("failed to write to netlink socket trying to read rules (%s)",
- strerror(errno));
+ return g_strdup_printf("failed to write to netlink socket trying to read rules (%s) "
+ "(attempted: \"%s\")",
+ strerror(errno), nfapi_buf_msg(b));
 const char *err = nfapi_recv_iter(nl, &(nfapi_callbacks) { .rule = nftables_do_rule }, callbacks);
 if (err)
- return g_strdup_printf("error received from netlink socket reading rules (%s): %s",
- strerror(errno), err);
+ return g_strdup_printf("error received from netlink socket reading rules (%s): %s "
+ "(attempted: \"%s\")",
+ strerror(errno), err, nfapi_buf_msg(b));
 if (callbacks->iterate_final) {
 char *e = callbacks->iterate_final(nl, family, chain, callbacks);
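Review bot: The attempted-request text from `nfapi_buf_msg(b)` is spliced between literal `\"` quotes without escaping in both new `g_strdup_printf` calls of `iterate_rules`. The context line above shows the chain name being formatted verbatim into that readable buffer (`"chain '%s'"`), so a name containing quotes or control characters would make the resulting error line ambiguous to whoever triages the log; chain names presumably come from operator configuration, so this is log hygiene rather than an exposed input. Running the text through `g_strescape()` before formatting, or a comment on `nfapi_buf_msg` stating that the returned string is unsanitised, would cover it. The same pattern recurs in the `delete_rules`, `add_chain`, `add_rule`, `delete_chain` and `add_table` hunks; `iterate_rules` itself starts and ends outside this hunk.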
@@ -215,13 +217,15 @@ static char *delete_rules(nfapi_socket *nl, int family, const char *chain,
 nfapi_batch_end(b);
 if (!nfapi_send_buf(nl, b))
- return g_strdup_printf("failed to write to netlink socket trying to delete rule (%s)",
- strerror(errno));
+ return g_strdup_printf("failed to write to netlink socket trying to delete rule (%s) "
+ "(attempted: \"%s\")",
+ strerror(errno), nfapi_buf_msg(b));
 const char *err = nfapi_recv_iter(nl, NULL, NULL);
 if (err)
- return g_strdup_printf("error received from netlink socket trying to delete rule (%s): %s",
- strerror(errno), err);
+ return g_strdup_printf("error received from netlink socket trying to delete rule (%s): %s "
+ "(attempted: \"%s\")",
+ strerror(errno), err, nfapi_buf_msg(b));
 return NULL;
 }
@@ -264,7 +268,7 @@ static const char *nftables_do_chain(const int8_t *b, size_t l, void *userdata)
 }
-static const char *chain_exists(nfapi_socket *nl, int family, const char *chain) {
+static bool chain_exists(nfapi_socket *nl, int family, const char *chain) {
 g_autoptr(nfapi_buf) b = nfapi_buf_new();
 nfapi_add_msg(b, NFT_MSG_GETCHAIN, family, NLM_F_REQUEST | NLM_F_ACK, "get chain [%d]", family);
@@ -272,21 +276,21 @@ static const char *chain_exists(nfapi_socket *nl, int family, const char *chain)
 nfapi_add_str_attr(b, NFTA_CHAIN_NAME, chain, "chain '%s'", chain);
 if (!nfapi_send_buf(nl, b))
- return "failed to write to netlink socket for chain exists";
+ return false;
 bool exists = false;
 const char *err = nfapi_recv_iter(nl, &(nfapi_callbacks) { .chain = nftables_do_chain }, &exists);
 if (err)
- return err;
+ return false;
- return exists ? NULL : "doesn't exist";
+ return exists;
 }
 static char *add_chain(nfapi_socket *nl, int family, const char *chain,
 const char *(*callback)(nfapi_buf *)) {
- if (chain_exists(nl, family, chain) == NULL)
+ if (chain_exists(nl, family, chain))
 return NULL;
 g_autoptr(nfapi_buf) b = nfapi_buf_new();
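Review bot: `chain_exists` now returns `false` for three different outcomes (the send failed, `nfapi_recv_iter` reported an error, or the chain is absent), and the strings that told them apart are dropped. `add_chain` treated every non-NULL result the same way before, so behaviour is unchanged, but the collapse should be stated above the definition, whose signature change sits in the preceding hunk: `/* Returns true only if the kernel confirmed the chain; send/receive failures also yield false, and the caller then attempts creation. */`. If the transport failure is worth keeping for diagnosis, `err` could be logged before the second `return false;`; which logging facility is in scope is not visible in this hunk.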
@@ -301,20 +305,23 @@ static char *add_chain(nfapi_socket *nl, int family, const char *chain,
 if (callback) {
 const char *err = callback(b);
 if (err)
- return g_strdup_printf("error returned from callback trying to add chain: %s",
- err);
+ return g_strdup_printf("error returned from callback trying to add chain: %s "
+ "(attempted: \"%s\")",
+ err, nfapi_buf_msg(b));
 }
 nfapi_batch_end(b);
 if (!nfapi_send_buf(nl, b))
- return g_strdup_printf("failed to write to netlink socket trying to add chain (%s)",
- strerror(errno));
+ return g_strdup_printf("failed to write to netlink socket trying to add chain (%s) "
+ "(attempted: \"%s\")",
+ strerror(errno), nfapi_buf_msg(b));
 const char *err = nfapi_recv_iter(nl, NULL, NULL);
 if (err)
- return g_strdup_printf("error received from netlink socket trying to add chain (%s): %s",
- strerror(errno), err);
+ return g_strdup_printf("error received from netlink socket trying to add chain (%s): %s "
+ "(attempted: \"%s\")",
+ strerror(errno), err, nfapi_buf_msg(b));
 return NULL;
 }
@@ -334,19 +341,22 @@ static char *add_rule(nfapi_socket *nl, int family,
 const char *err = callbacks.rule_callback(b, family, &callbacks);
 if (err)
- return g_strdup_printf("error returned from callback trying to add table: %s",
- err);
+ return g_strdup_printf("error returned from callback trying to add table: %s "
+ "(attempted: \"%s\")",
+ err, nfapi_buf_msg(b));
 nfapi_batch_end(b);
 if (!nfapi_send_buf(nl, b))
- return g_strdup_printf("failed to write to netlink socket trying to add rule (%s)",
- strerror(errno));
+ return g_strdup_printf("failed to write to netlink socket trying to add rule (%s) "
+ "(attempted: \"%s\")",
+ strerror(errno), nfapi_buf_msg(b));
 err = nfapi_recv_iter(nl, NULL, NULL);
 if (err)
- return g_strdup_printf("error received from netlink socket trying to add rule (%s): %s",
- strerror(errno), err);
+ return g_strdup_printf("error received from netlink socket trying to add rule (%s): %s "
+ "(attempted: \"%s\")",
+ strerror(errno), err, nfapi_buf_msg(b));
 return NULL;
 }
@@ -613,13 +623,15 @@ static char *delete_chain(nfapi_socket *nl, int family, const char *chain) {
 nfapi_batch_end(b);
 if (!nfapi_send_buf(nl, b))
- return g_strdup_printf("failed to write to netlink socket trying to delete chain (%s)",
- strerror(errno));
+ return g_strdup_printf("failed to write to netlink socket trying to delete chain (%s) "
+ "(attempted: \"%s\")",
+ strerror(errno), nfapi_buf_msg(b));
 const char *err = nfapi_recv_iter(nl, NULL, NULL);
 if (err)
- return g_strdup_printf("error received from netlink socket trying to delete chain (%s): %s",
- strerror(errno), err);
+ return g_strdup_printf("error received from netlink socket trying to delete chain (%s): %s "
+ "(attempted: \"%s\")",
+ strerror(errno), err, nfapi_buf_msg(b));
 return NULL;
 }
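Review bot: The callback-failure message in `add_rule` still reads "trying to add table" on the rewritten line, while the other two messages in the same function say "add rule". Since the line is being rewritten anyway, the text should name the operation that failed: `return g_strdup_printf("error returned from callback trying to add rule: %s "`. An error that names the wrong operation sends whoever reads the log to the wrong code path. `add_rule` begins before this hunk.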
@@ -701,13 +713,15 @@ static char *add_table(nfapi_socket *nl, int family) {
 nfapi_batch_end(b);
 if (!nfapi_send_buf(nl, b))
- return g_strdup_printf("failed to write to netlink socket trying to add table (%s)",
- strerror(errno));
+ return g_strdup_printf("failed to write to netlink socket trying to add table (%s) "
+ "(attempted: \"%s\")",
+ strerror(errno), nfapi_buf_msg(b));
 const char *err = nfapi_recv_iter(nl, NULL, NULL);
 if (err)
- return g_strdup_printf("error received from netlink socket trying to add table (%s): %s",
- strerror(errno), err);
+ return g_strdup_printf("error received from netlink socket trying to add table (%s): %s "
+ "(attempted: \"%s\")",
+ strerror(errno), err, nfapi_buf_msg(b));
 return NULL;
 }
diff --git a/lib/netfilter_api.c b/lib/netfilter_api.c
index b7f3058bf..ae2fc5794 100644
--- a/lib/netfilter_api.c
+++ b/lib/netfilter_api.c
@@ -78,6 +78,10 @@ void nfapi_buf_free(nfapi_buf *b) {
 g_free(b);
 }
+const char *nfapi_buf_msg(nfapi_buf *b) {
+ return b->readable->str;
+}
+
 static void readable_vadd(GString *r, const char *fmt, va_list va) {
 if (r->len > 0)
diff --git a/lib/netfilter_api.h b/lib/netfilter_api.h
index a93b20920..28b252f57 100644
--- a/lib/netfilter_api.h
+++ b/lib/netfilter_api.h
@@ -24,6 +24,7 @@ void nfapi_socket_close(nfapi_socket *);
 nfapi_buf *nfapi_buf_new(void);
 void nfapi_buf_free(nfapi_buf *);
+const char *nfapi_buf_msg(nfapi_buf *);
 __attribute__ ((format(printf, 5, 6))) void nfapi_add_msg(nfapi_buf *, uint16_t type, uint16_t family, uint16_t flags, const char *fmt, ...);
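Review bot: `nfapi_buf_msg` in lib/netfilter_api.c hands out the buffer's internal `GString` storage with no statement of lifetime, and takes a non-const pointer although it only reads. The callers in daemon/nftables.c copy the text through `g_strdup_printf` while `b` is still alive, so they are fine, but a `GString` may reallocate on append, so the pointer is only good until the buffer is next modified or freed. I would declare it `const char *nfapi_buf_msg(const nfapi_buf *b)`, with the matching prototype in lib/netfilter_api.h, and put `/* Returns the readable description owned by b; valid until b is modified or freed, do not free. */` above the prototype.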