[iptables] iptables: refer to dmesg when we hit error
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Wed Nov 19 19:10:50 CET 2008
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=7937e94ed36d2bdb909cc0744fbf229564a55592
commit 7937e94ed36d2bdb909cc0744fbf229564a55592
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Nov 19 19:01:26 2008 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Nov 19 19:01:26 2008 +0100
iptables: refer to dmesg when we hit error
This does not make any better, but at least refer to
dmesg which is the common source of information to diagnose
kernel-side problems. This is helpful for newbie users.
# iptables -I INPUT -j CLUSTERIP
iptables: Invalid argument. Run `dmesg' for more information.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 0ec8c0f00b591681076af2db34df0f230b08fa2c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Nov 19 19:01:26 2008 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Nov 19 19:01:26 2008 +0100
state: report spaces in the state list parsing
This patch adds better error reporting when the user inserts a space
between two states with the --state option.
iptables -I INPUT -m state ESTABLISHED, RELATED
^
mind the space
results in:
iptables v1.4.2-rc1: Bad state `'
Try `iptables -h' or 'iptables --help' for more information.
Now this returns:
iptables v1.4.2-rc1: `--state' requires a list of states with no
spaces, e.g. ESTABLISHED,RELATED
This patch also applies to libxt_conntrack which has a copy of the
function.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 0e6b7d3171988cf745d4d99006459bcea99e6e34
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Nov 19 19:01:26 2008 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Nov 19 19:01:26 2008 +0100
iptables: fix error reporting with wrong/missing arguments
This patch fixes wrong error reporting when arguments are missing:
# iptables -I INPUT -m state --state
iptables v1.4.2-rc1: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.
or wrong:
# iptables -I INPUT -m state --xyz
iptables v1.4.2-rc1: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 7937e94ed36d2bdb909cc0744fbf229564a55592 (commit)
via 0ec8c0f00b591681076af2db34df0f230b08fa2c (commit)
via 0e6b7d3171988cf745d4d99006459bcea99e6e34 (commit)
from 03d99486d8283552705b58dc55b6085dffc38792 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7937e94ed36d2bdb909cc0744fbf229564a55592
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Nov 19 19:01:26 2008 +0100
iptables: refer to dmesg when we hit error
This does not make any better, but at least refer to
dmesg which is the common source of information to diagnose
kernel-side problems. This is helpful for newbie users.
# iptables -I INPUT -j CLUSTERIP
iptables: Invalid argument. Run `dmesg' for more information.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 0ec8c0f00b591681076af2db34df0f230b08fa2c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Nov 19 19:01:26 2008 +0100
state: report spaces in the state list parsing
This patch adds better error reporting when the user inserts a space
between two states with the --state option.
iptables -I INPUT -m state ESTABLISHED, RELATED
^
mind the space
results in:
iptables v1.4.2-rc1: Bad state `'
Try `iptables -h' or 'iptables --help' for more information.
Now this returns:
iptables v1.4.2-rc1: `--state' requires a list of states with no
spaces, e.g. ESTABLISHED,RELATED
This patch also applies to libxt_conntrack which has a copy of the
function.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 0e6b7d3171988cf745d4d99006459bcea99e6e34
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Nov 19 19:01:26 2008 +0100
iptables: fix error reporting with wrong/missing arguments
This patch fixes wrong error reporting when arguments are missing:
# iptables -I INPUT -m state --state
iptables v1.4.2-rc1: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.
or wrong:
# iptables -I INPUT -m state --xyz
iptables v1.4.2-rc1: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
extensions/libxt_conntrack.c | 5 ++++-
extensions/libxt_state.c | 5 ++++-
ip6tables-standalone.c | 3 ++-
ip6tables.c | 19 ++++++++++++++++++-
iptables-standalone.c | 3 ++-
iptables.c | 19 ++++++++++++++++++-
6 files changed, 48 insertions(+), 6 deletions(-)
This patch fixes wrong error reporting when arguments are missing:
# iptables -I INPUT -m state --state
iptables v1.4.2-rc1: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.
or wrong:
# iptables -I INPUT -m state --xyz
iptables v1.4.2-rc1: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/ip6tables.c b/ip6tables.c
index 293ba37..3c45c07 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1888,9 +1888,26 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
continue;
}
- if (!m)
+ if (!m) {
+ if (c == '?') {
+ if (optopt) {
+ exit_error(
+ PARAMETER_PROBLEM,
+ "option `%s' "
+ "requires an "
+ "argument",
+ argv[optind-1]);
+ } else {
+ exit_error(
+ PARAMETER_PROBLEM,
+ "unknown option "
+ "`%s'",
+ argv[optind-1]);
+ }
+ }
exit_error(PARAMETER_PROBLEM,
"Unknown arg `%s'", optarg);
+ }
}
}
invert = FALSE;
diff --git a/iptables.c b/iptables.c
index 2c6b4dc..b75df87 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1909,9 +1909,26 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
optind--;
continue;
}
- if (!m)
+ if (!m) {
+ if (c == '?') {
+ if (optopt) {
+ exit_error(
+ PARAMETER_PROBLEM,
+ "option `%s' "
+ "requires an "
+ "argument",
+ argv[optind-1]);
+ } else {
+ exit_error(
+ PARAMETER_PROBLEM,
+ "unknown option "
+ "`%s'",
+ argv[optind-1]);
+ }
+ }
exit_error(PARAMETER_PROBLEM,
"Unknown arg `%s'", optarg);
+ }
}
}
invert = FALSE;
More information about the netfilter-cvslog
mailing list