summaryrefslogtreecommitdiffstats
path: root/iptables/xtables-restore.c
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/xtables-restore.c')
-rw-r--r--iptables/xtables-restore.c77
1 files changed, 43 insertions, 34 deletions
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 8ca2abff..23cd3498 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -115,14 +115,14 @@ static void xtables_restore_parse_line(struct nft_handle *h,
DEBUGP("line %u, table '%s'\n", line, table);
if (!table)
xtables_error(PARAMETER_PROBLEM,
- "%s: line %u table name invalid\n",
- xt_params->program_name, line);
+ "%s: line %u table name invalid",
+ xt_params->program_name, line);
state->curtable = nft_table_builtin_find(h, table);
if (!state->curtable)
xtables_error(PARAMETER_PROBLEM,
- "%s: line %u table name '%s' invalid\n",
- xt_params->program_name, line, table);
+ "%s: line %u table name '%s' invalid",
+ xt_params->program_name, line, table);
if (p->tablename && (strcmp(p->tablename, table) != 0))
return;
@@ -152,37 +152,33 @@ static void xtables_restore_parse_line(struct nft_handle *h,
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain)
xtables_error(PARAMETER_PROBLEM,
- "%s: line %u chain name invalid\n",
- xt_params->program_name, line);
+ "%s: line %u chain name invalid",
+ xt_params->program_name, line);
- if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
- xtables_error(PARAMETER_PROBLEM,
- "Invalid chain name `%s' (%u chars max)",
- chain, XT_EXTENSION_MAXNAMELEN - 1);
+ xtables_announce_chain(chain);
+ assert_valid_chain_name(chain);
policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy)
xtables_error(PARAMETER_PROBLEM,
- "%s: line %u policy invalid\n",
- xt_params->program_name, line);
+ "%s: line %u policy invalid",
+ xt_params->program_name, line);
if (nft_chain_builtin_find(state->curtable, chain)) {
- if (counters) {
- char *ctrs;
- ctrs = strtok(NULL, " \t\n");
-
- if (!ctrs || !parse_counters(ctrs, &count))
- xtables_error(PARAMETER_PROBLEM,
- "invalid policy counters for chain '%s'\n",
- chain);
+ char *ctrs = strtok(NULL, " \t\n");
- }
+ if ((!ctrs && counters) ||
+ (ctrs && !parse_counters(ctrs, &count)))
+ xtables_error(PARAMETER_PROBLEM,
+ "invalid policy counters for chain '%s'",
+ chain);
if (cb->chain_set &&
cb->chain_set(h, state->curtable->name,
- chain, policy, &count) < 0) {
+ chain, policy,
+ counters ? &count : NULL) < 0) {
xtables_error(OTHER_PROBLEM,
- "Can't set policy `%s' on `%s' line %u: %s\n",
+ "Can't set policy `%s' on `%s' line %u: %s",
policy, chain, line,
strerror(errno));
}
@@ -191,13 +187,13 @@ static void xtables_restore_parse_line(struct nft_handle *h,
} else if (cb->chain_restore(h, chain, state->curtable->name) < 0 &&
errno != EEXIST) {
xtables_error(PARAMETER_PROBLEM,
- "cannot create chain '%s' (%s)\n",
+ "cannot create chain '%s' (%s)",
chain, strerror(errno));
} else if (h->family == NFPROTO_BRIDGE &&
!ebt_cmd_user_chain_policy(h, state->curtable->name,
chain, policy)) {
xtables_error(OTHER_PROBLEM,
- "Can't set policy `%s' on `%s' line %u: %s\n",
+ "Can't set policy `%s' on `%s' line %u: %s",
policy, chain, line,
strerror(errno));
}
@@ -206,11 +202,15 @@ static void xtables_restore_parse_line(struct nft_handle *h,
char *pcnt = NULL;
char *bcnt = NULL;
char *parsestart = buffer;
+ int i;
add_argv(&state->av_store, xt_params->program_name, 0);
add_argv(&state->av_store, "-t", 0);
add_argv(&state->av_store, state->curtable->name, 0);
+ for (i = 0; !h->noflush && i < verbose; i++)
+ add_argv(&state->av_store, "-v", 0);
+
tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line);
if (counters && pcnt && bcnt) {
add_argv(&state->av_store, "--set-counters", 0);
@@ -247,8 +247,11 @@ static void xtables_restore_parse_line(struct nft_handle *h,
(strcmp(p->tablename, state->curtable->name) != 0))
return;
if (!ret) {
- fprintf(stderr, "%s: line %u failed\n",
- xt_params->program_name, line);
+ fprintf(stderr, "%s: line %u failed",
+ xt_params->program_name, h->error.lineno);
+ if (errno)
+ fprintf(stderr, ": %s.", nft_strerror(errno));
+ fprintf(stderr, "\n");
exit(1);
}
}
@@ -309,7 +312,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
counters = 1;
break;
case 'v':
- verbose = 1;
+ verbose++;
break;
case 'V':
printf("%s v%s\n", prog_name, prog_vers);
@@ -356,17 +359,19 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
p.in = stdin;
}
+ init_extensions();
switch (family) {
case NFPROTO_IPV4:
- case NFPROTO_IPV6: /* fallthough, same table */
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensions();
init_extensions4();
+ break;
+ case NFPROTO_IPV6:
init_extensions6();
-#endif
break;
case NFPROTO_ARP:
+ init_extensionsa();
+ break;
case NFPROTO_BRIDGE:
+ init_extensionsb();
break;
default:
fprintf(stderr, "Unknown family %d\n", family);
@@ -413,6 +418,7 @@ static const struct nft_xt_restore_cb ebt_restore_cb = {
static const struct option ebt_restore_options[] = {
{.name = "noflush", .has_arg = 0, .val = 'n'},
+ {.name = "verbose", .has_arg = 0, .val = 'v'},
{ 0 }
};
@@ -426,15 +432,18 @@ int xtables_eb_restore_main(int argc, char *argv[])
struct nft_handle h;
int c;
- while ((c = getopt_long(argc, argv, "n",
+ while ((c = getopt_long(argc, argv, "nv",
ebt_restore_options, NULL)) != -1) {
switch(c) {
case 'n':
noflush = 1;
break;
+ case 'v':
+ verbose++;
+ break;
default:
fprintf(stderr,
- "Usage: ebtables-restore [ --noflush ]\n");
+ "Usage: ebtables-restore [ --verbose ] [ --noflush ]\n");
exit(1);
break;
}