summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--iptables/nft-shared.h1
-rw-r--r--iptables/nft.c38
-rw-r--r--iptables/nft.h1
-rw-r--r--iptables/xtables.c1
4 files changed, 22 insertions, 19 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 0716c8f4..0788e98a 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -13,7 +13,6 @@
#include "xshared.h"
#ifdef DEBUG
-#define NLDEBUG
#define DEBUG_DEL
#endif
diff --git a/iptables/nft.c b/iptables/nft.c
index 3e434549..7cc6ca52 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -926,15 +926,16 @@ void nft_fini(struct nft_handle *h)
mnl_socket_close(h->nl);
}
-static void nft_chain_print_debug(struct nftnl_chain *c, struct nlmsghdr *nlh)
+static void nft_chain_print_debug(struct nft_handle *h,
+ struct nftnl_chain *c, struct nlmsghdr *nlh)
{
-#ifdef NLDEBUG
- char tmp[1024];
-
- nftnl_chain_snprintf(tmp, sizeof(tmp), c, 0, 0);
- printf("DEBUG: chain: %s\n", tmp);
- mnl_nlmsg_fprintf(stdout, nlh, nlh->nlmsg_len, sizeof(struct nfgenmsg));
-#endif
+ if (h->verbose > 1) {
+ nftnl_chain_fprintf(stdout, c, 0, 0);
+ fprintf(stdout, "\n");
+ }
+ if (h->verbose > 2)
+ mnl_nlmsg_fprintf(stdout, nlh, nlh->nlmsg_len,
+ sizeof(struct nfgenmsg));
}
static struct nftnl_chain *nft_chain_new(struct nft_handle *h,
@@ -1567,15 +1568,16 @@ int add_log(struct nftnl_rule *r, struct iptables_command_state *cs)
return 0;
}
-static void nft_rule_print_debug(struct nftnl_rule *r, struct nlmsghdr *nlh)
+static void nft_rule_print_debug(struct nft_handle *h,
+ struct nftnl_rule *r, struct nlmsghdr *nlh)
{
-#ifdef NLDEBUG
- char tmp[1024];
-
- nftnl_rule_snprintf(tmp, sizeof(tmp), r, 0, 0);
- printf("DEBUG: rule: %s\n", tmp);
- mnl_nlmsg_fprintf(stdout, nlh, nlh->nlmsg_len, sizeof(struct nfgenmsg));
-#endif
+ if (h->verbose > 1) {
+ nftnl_rule_fprintf(stdout, r, 0, 0);
+ fprintf(stdout, "\n");
+ }
+ if (h->verbose > 2)
+ mnl_nlmsg_fprintf(stdout, nlh, nlh->nlmsg_len,
+ sizeof(struct nfgenmsg));
}
int add_counters(struct nftnl_rule *r, uint64_t packets, uint64_t bytes)
@@ -2879,7 +2881,7 @@ static void nft_compat_chain_batch_add(struct nft_handle *h, uint16_t type,
nlh = nftnl_chain_nlmsg_build_hdr(nftnl_batch_buffer(h->batch),
type, h->family, flags, seq);
nftnl_chain_nlmsg_build_payload(nlh, chain);
- nft_chain_print_debug(chain, nlh);
+ nft_chain_print_debug(h, chain, nlh);
}
static void nft_compat_rule_batch_add(struct nft_handle *h, uint16_t type,
@@ -2891,7 +2893,7 @@ static void nft_compat_rule_batch_add(struct nft_handle *h, uint16_t type,
nlh = nftnl_rule_nlmsg_build_hdr(nftnl_batch_buffer(h->batch),
type, h->family, flags, seq);
nftnl_rule_nlmsg_build_payload(nlh, rule);
- nft_rule_print_debug(rule, nlh);
+ nft_rule_print_debug(h, rule, nlh);
}
static void batch_obj_del(struct nft_handle *h, struct obj_update *o)
diff --git a/iptables/nft.h b/iptables/nft.h
index 4c78f761..fd116c2e 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -109,6 +109,7 @@ struct nft_handle {
int8_t config_done;
struct list_head cmd_list;
bool cache_init;
+ int verbose;
/* meta data, for error reporting */
struct {
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 051d5c7b..c44b39ac 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -163,6 +163,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
h->ops->init_cs(&cs);
do_parse(argc, argv, &p, &cs, &args);
+ h->verbose = p.verbose;
if (!nft_table_builtin_find(h, p.table))
xtables_error(VERSION_PROBLEM,