From 51d9d9e0813448025271d6948826990eb44b8dcc Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 4 Feb 2022 13:27:51 +0100 Subject: ebtables: Support verbose mode Accept '-v' flag in both ebtables-nft and ebtables-nft-restore. Mostly interesting because it allows for netlink debug output when specified multiple times. Signed-off-by: Phil Sutter
---
iptables/ebtables-nft.8 | 6 ++++++ iptables/xtables-eb.c | 25 ++++++++++++++++++------- iptables/xtables-restore.c | 8 ++++++-- 3 files changed, 30 insertions(+), 9 deletions(-) (limited to 'iptables')
diff --git a/iptables/ebtables-nft.8 b/iptables/ebtables-nft.8
index 08e9766f..d75aae24 100644
--- a/iptables/ebtables-nft.8
+++ b/iptables/ebtables-nft.8
@@ -307,6 +307,12 @@ of the ebtables kernel table.
 Replace the current table data by the initial table data.
 .SS MISCELLANOUS COMMANDS
 .TP
+.B "-v, --verbose"
+Verbose mode.
+For appending, insertion, deletion and replacement, this causes
+detailed information on the rule or rules to be printed. \fB\-v\fP may be
+specified multiple times to possibly emit more detailed debug statements.
+.TP
 .B "-V, --version"
 Show the version of the ebtables userspace program.
 .TP
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 060e06c5..1e5b50ba 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -195,6 +195,7 @@ struct option ebt_original_options[] =
 { "out-interface" , required_argument, 0, 'o' },
 { "out-if" , required_argument, 0, 'o' },
 { "version" , no_argument , 0, 'V' },
+ { "verbose" , no_argument , 0, 'v' },
 { "help" , no_argument , 0, 'h' },
 { "jump" , required_argument, 0, 'j' },
 { "set-counters" , required_argument, 0, 'c' },
@@ -219,7 +220,7 @@ struct option ebt_original_options[] =
 struct xtables_globals ebtables_globals = {
 .option_offset = 0,
 .program_version = PACKAGE_VERSION " (nf_tables)",
- .optstring = OPTSTRING_COMMON "h",
+ .optstring = OPTSTRING_COMMON "hv",
 .orig_opts = ebt_original_options,
 .compat_rev = nft_compatible_revision,
 };
@@ -325,6 +326,7 @@ static void print_help(const struct xtables_target *t,
 " pcnt bcnt : set the counters of the to be added rule\n"
 "--modprobe -M program : try to insert modules using this program\n"
 "--concurrent : use a file lock to support concurrent scripts\n"
+"--verbose -v : verbose mode\n"
 "--version -V : print package version\n\n"
 "Environment variable:\n"
 /*ATOMIC_ENV_VARIABLE " : if set (see above) will equal its value"*/
@@ -726,6 +728,9 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
 struct ebt_match *match;
 bool table_set = false;
+ /* avoid cumulating verbosity with ebtables-restore */
+ h->verbose = 0;
+ /* prevent getopt to spoil our error reporting */
 optind = 0;
 opterr = false;
@@ -854,6 +859,10 @@ print_zero:
 optind++;
 }
 break;
+ case 'v': /* verbose */
+ flags |= OPT_VERBOSE;
+ h->verbose++;
+ break;
 case 'V': /* Version */
 if (OPT_COMMANDS)
 xtables_error(PARAMETER_PROBLEM,
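Review bot: The unconditional `h->verbose = 0;` at the top of do_commandeb clears any verbosity the caller had already stored in the handle, not only the count left behind by a `-v` on an earlier restore line. The restore hunk in xtables-restore.c only shows `verbose++`, so whether ebtables-restore's own `-v` is meant to reach `h->verbose` cannot be seen from this diff; if it is, it would be lost on the first parsed line. Consider widening the comment to state the contract, e.g. `/* per-call count: -v on earlier restore lines must not accumulate; verbosity set on the handle by the caller is discarded */`, or saving the entry value and counting on top of it. The body of do_commandeb starts and ends outside the hunk.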
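Review bot: `flags |= OPT_VERBOSE;` in the new `case 'v'` stores the bit in the same `flags` word that the dispatch code later tests with `flags&LIST_N`, `flags&LIST_C` and `flags & OPT_ZERO`, and the definition of OPT_VERBOSE is not part of this diff. If its value overlaps one of the ebtables-specific bits kept in `flags`, `-v` would silently switch on an unrelated option (or the reverse), so the value should be checked against the other masks and the constraint recorded next to the case, e.g. `/* OPT_VERBOSE must not collide with the LIST_* and OPT_ZERO bits kept in flags */`. The switch statement continues outside the hunk.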
@@ -1146,24 +1155,26 @@ print_zero:
 }
 } else if (command == 'L') {
 ret = list_rules(h, chain, *table, rule_nr,
- 0,
+ flags & OPT_VERBOSE,
 0,
 /*flags&OPT_EXPANDED*/0,
 flags&LIST_N,
 flags&LIST_C);
 }
 if (flags & OPT_ZERO) {
- ret = nft_cmd_chain_zero_counters(h, chain, *table, 0);
+ ret = nft_cmd_chain_zero_counters(h, chain, *table,
+ flags & OPT_VERBOSE);
 } else if (command == 'F') {
- ret = nft_cmd_rule_flush(h, chain, *table, 0);
+ ret = nft_cmd_rule_flush(h, chain, *table, flags & OPT_VERBOSE);
 } else if (command == 'A') {
- ret = append_entry(h, chain, *table, &cs, 0, 0, true);
+ ret = append_entry(h, chain, *table, &cs, 0,
+ flags & OPT_VERBOSE, true);
 } else if (command == 'I') {
 ret = append_entry(h, chain, *table, &cs, rule_nr - 1,
- 0, false);
+ flags & OPT_VERBOSE, false);
 } else if (command == 'D') {
 ret = delete_entry(h, chain, *table, &cs, rule_nr - 1,
- rule_nr_end, 0);
+ rule_nr_end, flags & OPT_VERBOSE);
 } /*else if (replace->command == 'C') {
 ebt_change_counters(replace, new_entry, rule_nr, rule_nr_end, &(new_entry->cnt_surplus), chcounter);
 if (ebt_errormsg[0] != '\0')
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index f5aabf3c..81b25a43 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -417,6 +417,7 @@ static const struct nft_xt_restore_cb ebt_restore_cb = {
 static const struct option ebt_restore_options[] = {
 {.name = "noflush", .has_arg = 0, .val = 'n'},
+ {.name = "verbose", .has_arg = 0, .val = 'v'},
 { 0 }
 };
@@ -430,15 +431,18 @@ int xtables_eb_restore_main(int argc, char *argv[])
 struct nft_handle h;
 int c;
- while ((c = getopt_long(argc, argv, "n",
+ while ((c = getopt_long(argc, argv, "nv",
 ebt_restore_options, NULL)) != -1) {
 switch(c) {
 case 'n':
 noflush = 1;
 break;
+ case 'v':
+ verbose++;
+ break;
 default:
 fprintf(stderr,
- "Usage: ebtables-restore [ --noflush ]\n");
+ "Usage: ebtables-restore [ --verbose ] [ --noflush ]\n");
 exit(1);
 break;
 }
-- cgit v1.2.3
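Review bot: The command dispatch in do_commandeb (xtables-eb.c, the hunk at -1146) repeats `flags & OPT_VERBOSE` at six call sites and hands the raw mask value, not 0 or 1, to `list_rules`, `nft_cmd_chain_zero_counters`, `nft_cmd_rule_flush`, `append_entry` and `delete_entry`. The parameter types of those functions are outside the diff; if any of them is narrower than int or is compared against 1, a mask value could be truncated or mismatched. Computing it once before the dispatch, `const bool verbose = flags & OPT_VERBOSE;`, and passing `verbose` keeps each call on one line and makes the argument independent of the bit position. The enclosing function starts and ends outside the hunk.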