netfilter: xt_CT: provide info on why a rule was rejected
authorJan Engelhardt <jengelh@medozas.de>
Thu, 21 Apr 2011 09:05:14 +0000 (11:05 +0200)
committerPatrick McHardy <kaber@trash.net>
Thu, 21 Apr 2011 09:05:14 +0000 (11:05 +0200)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
net/netfilter/xt_CT.c

index 782e51986a6f670ce6c033c1a1d99e5a26d46885..0221d10de75a517dbc4c5e5c7d40b432abef15a3 100644 (file)
@@ -5,7 +5,7 @@
  * it under the terms of the GNU General Public License version 2 as
  * published by the Free Software Foundation.
  */
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/gfp.h>
 #include <linux/skbuff.h>
@@ -95,8 +95,11 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
        if (info->helper[0]) {
                ret = -ENOENT;
                proto = xt_ct_find_proto(par);
-               if (!proto)
+               if (!proto) {
+                       pr_info("You must specify a L4 protocol, "
+                               "and not use inversions on it.\n");
                        goto err3;
+               }
 
                ret = -ENOMEM;
                help = nf_ct_helper_ext_add(ct, GFP_KERNEL);
@@ -107,8 +110,10 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
                help->helper = nf_conntrack_helper_try_module_get(info->helper,
                                                                  par->family,
                                                                  proto);
-               if (help->helper == NULL)
+               if (help->helper == NULL) {
+                       pr_info("No such helper \"%s\"\n", info->helper);
                        goto err3;
+               }
        }
 
        __set_bit(IPS_TEMPLATE_BIT, &ct->status);