[iptables] iptables: refer to dmesg when we hit error

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Wed Nov 19 19:10:50 CET 2008 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=7937e94ed36d2bdb909cc0744fbf229564a55592
commit 7937e94ed36d2bdb909cc0744fbf229564a55592
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Nov 19 19:01:26 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Nov 19 19:01:26 2008 +0100

    iptables: refer to dmesg when we hit error
    
    This does not make any better, but at least refer to
    dmesg which is the common source of information to diagnose
    kernel-side problems. This is helpful for newbie users.
    
    # iptables -I INPUT -j CLUSTERIP
    iptables: Invalid argument. Run `dmesg' for more information.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0ec8c0f00b591681076af2db34df0f230b08fa2c
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Nov 19 19:01:26 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Nov 19 19:01:26 2008 +0100

    state: report spaces in the state list parsing
    
    This patch adds better error reporting when the user inserts a space
    between two states with the --state option.
    
    iptables -I INPUT -m state ESTABLISHED, RELATED
                                           ^
    				  mind the space
    
    results in:
    
    iptables v1.4.2-rc1: Bad state `'
    Try `iptables -h' or 'iptables --help' for more information.
    
    Now this returns:
    
    iptables v1.4.2-rc1: `--state' requires a list of states with no
    spaces, e.g. ESTABLISHED,RELATED
    
    This patch also applies to libxt_conntrack which has a copy of the
    function.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0e6b7d3171988cf745d4d99006459bcea99e6e34
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Nov 19 19:01:26 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Nov 19 19:01:26 2008 +0100

    iptables: fix error reporting with wrong/missing arguments
    
    This patch fixes wrong error reporting when arguments are missing:
    
    # iptables -I INPUT -m state --state
    iptables v1.4.2-rc1: Unknown arg `(null)'
    Try `iptables -h' or 'iptables --help' for more information.
    
    or wrong:
    
    # iptables -I INPUT -m state --xyz
    iptables v1.4.2-rc1: Unknown arg `(null)'
    Try `iptables -h' or 'iptables --help' for more information.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  7937e94ed36d2bdb909cc0744fbf229564a55592 (commit)
       via  0ec8c0f00b591681076af2db34df0f230b08fa2c (commit)
       via  0e6b7d3171988cf745d4d99006459bcea99e6e34 (commit)
      from  03d99486d8283552705b58dc55b6085dffc38792 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7937e94ed36d2bdb909cc0744fbf229564a55592
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Nov 19 19:01:26 2008 +0100

    iptables: refer to dmesg when we hit error
    
    This does not make any better, but at least refer to
    dmesg which is the common source of information to diagnose
    kernel-side problems. This is helpful for newbie users.
    
    # iptables -I INPUT -j CLUSTERIP
    iptables: Invalid argument. Run `dmesg' for more information.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0ec8c0f00b591681076af2db34df0f230b08fa2c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Nov 19 19:01:26 2008 +0100

    state: report spaces in the state list parsing
    
    This patch adds better error reporting when the user inserts a space
    between two states with the --state option.
    
    iptables -I INPUT -m state ESTABLISHED, RELATED
                                           ^
    				  mind the space
    
    results in:
    
    iptables v1.4.2-rc1: Bad state `'
    Try `iptables -h' or 'iptables --help' for more information.
    
    Now this returns:
    
    iptables v1.4.2-rc1: `--state' requires a list of states with no
    spaces, e.g. ESTABLISHED,RELATED
    
    This patch also applies to libxt_conntrack which has a copy of the
    function.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0e6b7d3171988cf745d4d99006459bcea99e6e34
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Nov 19 19:01:26 2008 +0100

    iptables: fix error reporting with wrong/missing arguments
    
    This patch fixes wrong error reporting when arguments are missing:
    
    # iptables -I INPUT -m state --state
    iptables v1.4.2-rc1: Unknown arg `(null)'
    Try `iptables -h' or 'iptables --help' for more information.
    
    or wrong:
    
    # iptables -I INPUT -m state --xyz
    iptables v1.4.2-rc1: Unknown arg `(null)'
    Try `iptables -h' or 'iptables --help' for more information.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 extensions/libxt_conntrack.c |    5 ++++-
 extensions/libxt_state.c     |    5 ++++-
 ip6tables-standalone.c       |    3 ++-
 ip6tables.c                  |   19 ++++++++++++++++++-
 iptables-standalone.c        |    3 ++-
 iptables.c                   |   19 ++++++++++++++++++-
 6 files changed, 48 insertions(+), 6 deletions(-)
This patch fixes wrong error reporting when arguments are missing:

# iptables -I INPUT -m state --state
iptables v1.4.2-rc1: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.

or wrong:

# iptables -I INPUT -m state --xyz
iptables v1.4.2-rc1: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/ip6tables.c b/ip6tables.c
index 293ba37..3c45c07 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1888,9 +1888,26 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 					continue;
 				}
 
-				if (!m)
+				if (!m) {
+					if (c == '?') {
+						if (optopt) {
+							exit_error(
+							   PARAMETER_PROBLEM,
+							   "option `%s' "
+							   "requires an "
+							   "argument",
+							   argv[optind-1]);
+						} else {
+							exit_error(
+							   PARAMETER_PROBLEM,
+							   "unknown option "
+							   "`%s'",
+							   argv[optind-1]);
+						}
+					}
 					exit_error(PARAMETER_PROBLEM,
 						   "Unknown arg `%s'", optarg);
+				}
 			}
 		}
 		invert = FALSE;
diff --git a/iptables.c b/iptables.c
index 2c6b4dc..b75df87 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1909,9 +1909,26 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 					optind--;
 					continue;
 				}
-				if (!m)
+				if (!m) {
+					if (c == '?') {
+						if (optopt) {
+							exit_error(
+							   PARAMETER_PROBLEM,
+							   "option `%s' "
+							   "requires an "
+							   "argument",
+							   argv[optind-1]);
+						} else {
+							exit_error(
+							   PARAMETER_PROBLEM,
+							   "unknown option "
+							   "`%s'",
+							   argv[optind-1]);
+						}
+					}
 					exit_error(PARAMETER_PROBLEM,
 						   "Unknown arg `%s'", optarg);
+				}
 			}
 		}
 		invert = FALSE;

More information about the netfilter-cvslog mailing list