author | Phil Sutter <phil@nwl.cc> | 2022-01-28 15:32:10 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-02-04 09:49:23 +0100 |
commit | 17ed253f9dd401d7b83b81f5db93411bee592a40 (patch) | |
tree | 2b953d3422b0d705678746b329b2c7765176ba6e /iptables | |
parent | a761a026c60d4ce4e8f9a79b6e51ddc57fe97e1a (diff) |
iptables-restore: Support for extra debug output
Treat --verbose just like iptables itself, increasing debug level with
number of invocations.
To propagate the level into do_command() callback, insert virtual '-v'
flags into rule lines.
The only downside of this is that simple verbose output is changed and
now also prints the rules as they are added - which would be useful if
the lines contained the chain they apply to.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/iptables-restore.8.in | 1 | ||||
-rw-r--r-- | iptables/iptables-restore.c | 6 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0 | 9 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 6 |
4 files changed, 17 insertions, 5 deletions
diff --git a/iptables/iptables-restore.8.in b/iptables/iptables-restore.8.in
index b4b62f92..883da998 100644
--- a/iptables/iptables-restore.8.in
+++ b/iptables/iptables-restore.8.in
@@ -54,6 +54,7 @@ Only parse and construct the ruleset, but do not commit it.
 .TP
 \fB\-v\fP, \fB\-\-verbose\fP
 Print additional debug info during ruleset processing.
+Specify multiple times to increase debug level.
 .TP
 \fB\-V\fP, \fB\-\-version\fP
 Print the program version number.
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index a3efb067..3c0a2389 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -114,7 +114,7 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb,
 counters = 1;
 break;
 case 'v':
- verbose = 1;
+ verbose++;
 break;
 case 'V':
 printf("%s v%s\n",
@@ -317,11 +317,15 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb,
 char *pcnt = NULL;
 char *bcnt = NULL;
 char *parsestart = buffer;
+ int i;
 add_argv(&av_store, argv[0], 0);
 add_argv(&av_store, "-t", 0);
 add_argv(&av_store, curtable, 0);
+ for (i = 0; !noflush && i < verbose; i++)
+ add_argv(&av_store, "-v", 0);
+
 tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line);
 if (counters && pcnt && bcnt) {
 add_argv(&av_store, "--set-counters", 0);
diff --git a/iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0 b/iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0
index fc8559c5..5daf7a78 100755
--- a/iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0
+++ b/iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0
@@ -33,6 +33,7 @@ Flushing chain \`bar'
 Flushing chain \`foo'
 Deleting chain \`bar'
 Deleting chain \`foo'
+ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
 Flushing chain \`PREROUTING'
 Flushing chain \`INPUT'
 Flushing chain \`OUTPUT'
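Review bot: `verbose++` in the `case 'v':` arm of ip46tables_restore_main() lets the command line raise the level without any upper bound, and the second hunk of this file then spends one argv slot per level on every rule line. How `add_argv()` behaves when the store fills up is not visible on this page, so I would clamp the count at the highest level do_command() actually distinguishes, e.g. `if (verbose < VERBOSE_MAX) verbose++;`, where `VERBOSE_MAX` is a placeholder for a constant this patch would have to introduce. The `case 'v':` arm in xtables_restore_main() in iptables/xtables-restore.c has the same shape. The enclosing switch starts and ends outside the hunk.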
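Review bot: The `!noflush` term in the new `for` condition (hunk at -317) is loop-invariant and unexplained: with --noflush no `-v` is forwarded to do_command() at all, and neither the commit message nor a comment says why. I would hoist it into `if (!noflush)` around `for (i = 0; i < verbose; i++)` and put a one-line comment above it stating the reason verbosity is withheld in that mode. The loop added to xtables_restore_parse_line() in iptables/xtables-restore.c (`!h->noflush`) should get the same treatment. The enclosing block continues outside the hunk.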
@@ -41,6 +42,7 @@ Flushing chain \`natbar'
 Flushing chain \`natfoo'
 Deleting chain \`natbar'
 Deleting chain \`natfoo'
+ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
 Flushing chain \`PREROUTING'
 Flushing chain \`OUTPUT'
 Flushing chain \`rawfoo'
@@ -58,9 +60,10 @@ Flushing chain \`OUTPUT'
 Flushing chain \`secfoo'
 Deleting chain \`secfoo'"
-for ipt in iptables-restore ip6tables-restore; do
- diff -u -Z <(echo "$EXPECT") <($XT_MULTI $ipt -v <<< "$DUMP")
-done
+EXPECT6=$(sed -e 's/0\.0\.0\.0/::/g' -e 's/opt --/opt /' <<< "$EXPECT")
+
+diff -u -Z <(echo "$EXPECT") <($XT_MULTI iptables-restore -v <<< "$DUMP")
+diff -u -Z <(echo "$EXPECT6") <($XT_MULTI ip6tables-restore -v <<< "$DUMP")
 DUMP="*filter
 :baz - [0:0]
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 8ca2abff..f5aabf3c 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -206,11 +206,15 @@ static void xtables_restore_parse_line(struct nft_handle *h,
 char *pcnt = NULL;
 char *bcnt = NULL;
 char *parsestart = buffer;
+ int i;
 add_argv(&state->av_store, xt_params->program_name, 0);
 add_argv(&state->av_store, "-t", 0);
 add_argv(&state->av_store, state->curtable->name, 0);
+ for (i = 0; !h->noflush && i < verbose; i++)
+ add_argv(&state->av_store, "-v", 0);
+
 tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line);
 if (counters && pcnt && bcnt) {
 add_argv(&state->av_store, "--set-counters", 0);
@@ -309,7 +313,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 counters = 1;
 break;
 case 'v':
- verbose = 1;
+ verbose++;
 break;
 case 'V':
 printf("%s v%s\n", prog_name, prog_vers); |
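Review bot: The rewritten checks in the last hunk of this test still run both tools with a single `-v`, so the behaviour this commit adds, a higher debug level from repeated flags, is not exercised by the visible hunks. One extra case such as `$XT_MULTI iptables-restore -vv <<< "$DUMP"`, compared against its own expected text, would pin it; a `--noflush -v` case would do the same for the path where the C code forwards no `-v`, unless the part of the file outside these hunks already covers it. The `sed` that derives `EXPECT6` rewrites every `0.0.0.0` and `opt --` in `EXPECT`, so a short comment above it, e.g. `# ip6tables prints :: and no "--" option column`, would keep later additions to `EXPECT` from being altered unnoticed.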