diff options
Diffstat (limited to 'iptables/xtables-restore.c')
-rw-r--r-- | iptables/xtables-restore.c | 77 |
1 files changed, 43 insertions, 34 deletions
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index 8ca2abff..23cd3498 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -115,14 +115,14 @@ static void xtables_restore_parse_line(struct nft_handle *h, DEBUGP("line %u, table '%s'\n", line, table); if (!table) xtables_error(PARAMETER_PROBLEM, - "%s: line %u table name invalid\n", - xt_params->program_name, line); + "%s: line %u table name invalid", + xt_params->program_name, line); state->curtable = nft_table_builtin_find(h, table); if (!state->curtable) xtables_error(PARAMETER_PROBLEM, - "%s: line %u table name '%s' invalid\n", - xt_params->program_name, line, table); + "%s: line %u table name '%s' invalid", + xt_params->program_name, line, table); if (p->tablename && (strcmp(p->tablename, table) != 0)) return; @@ -152,37 +152,33 @@ static void xtables_restore_parse_line(struct nft_handle *h, DEBUGP("line %u, chain '%s'\n", line, chain); if (!chain) xtables_error(PARAMETER_PROBLEM, - "%s: line %u chain name invalid\n", - xt_params->program_name, line); + "%s: line %u chain name invalid", + xt_params->program_name, line); - if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN) - xtables_error(PARAMETER_PROBLEM, - "Invalid chain name `%s' (%u chars max)", - chain, XT_EXTENSION_MAXNAMELEN - 1); + xtables_announce_chain(chain); + assert_valid_chain_name(chain); policy = strtok(NULL, " \t\n"); DEBUGP("line %u, policy '%s'\n", line, policy); if (!policy) xtables_error(PARAMETER_PROBLEM, - "%s: line %u policy invalid\n", - xt_params->program_name, line); + "%s: line %u policy invalid", + xt_params->program_name, line); if (nft_chain_builtin_find(state->curtable, chain)) { - if (counters) { - char *ctrs; - ctrs = strtok(NULL, " \t\n"); - - if (!ctrs || !parse_counters(ctrs, &count)) - xtables_error(PARAMETER_PROBLEM, - "invalid policy counters for chain '%s'\n", - chain); + char *ctrs = strtok(NULL, " \t\n"); - } + if ((!ctrs && counters) || + (ctrs && !parse_counters(ctrs, &count))) + xtables_error(PARAMETER_PROBLEM, + "invalid policy counters for chain '%s'", + chain); if (cb->chain_set && cb->chain_set(h, state->curtable->name, - chain, policy, &count) < 0) { + chain, policy, + counters ? &count : NULL) < 0) { xtables_error(OTHER_PROBLEM, - "Can't set policy `%s' on `%s' line %u: %s\n", + "Can't set policy `%s' on `%s' line %u: %s", policy, chain, line, strerror(errno)); } @@ -191,13 +187,13 @@ static void xtables_restore_parse_line(struct nft_handle *h, } else if (cb->chain_restore(h, chain, state->curtable->name) < 0 && errno != EEXIST) { xtables_error(PARAMETER_PROBLEM, - "cannot create chain '%s' (%s)\n", + "cannot create chain '%s' (%s)", chain, strerror(errno)); } else if (h->family == NFPROTO_BRIDGE && !ebt_cmd_user_chain_policy(h, state->curtable->name, chain, policy)) { xtables_error(OTHER_PROBLEM, - "Can't set policy `%s' on `%s' line %u: %s\n", + "Can't set policy `%s' on `%s' line %u: %s", policy, chain, line, strerror(errno)); } @@ -206,11 +202,15 @@ static void xtables_restore_parse_line(struct nft_handle *h, char *pcnt = NULL; char *bcnt = NULL; char *parsestart = buffer; + int i; add_argv(&state->av_store, xt_params->program_name, 0); add_argv(&state->av_store, "-t", 0); add_argv(&state->av_store, state->curtable->name, 0); + for (i = 0; !h->noflush && i < verbose; i++) + add_argv(&state->av_store, "-v", 0); + tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line); if (counters && pcnt && bcnt) { add_argv(&state->av_store, "--set-counters", 0); @@ -247,8 +247,11 @@ static void xtables_restore_parse_line(struct nft_handle *h, (strcmp(p->tablename, state->curtable->name) != 0)) return; if (!ret) { - fprintf(stderr, "%s: line %u failed\n", - xt_params->program_name, line); + fprintf(stderr, "%s: line %u failed", + xt_params->program_name, h->error.lineno); + if (errno) + fprintf(stderr, ": %s.", nft_strerror(errno)); + fprintf(stderr, "\n"); exit(1); } } @@ -309,7 +312,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) counters = 1; break; case 'v': - verbose = 1; + verbose++; break; case 'V': printf("%s v%s\n", prog_name, prog_vers); @@ -356,17 +359,19 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) p.in = stdin; } + init_extensions(); switch (family) { case NFPROTO_IPV4: - case NFPROTO_IPV6: /* fallthough, same table */ -#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) - init_extensions(); init_extensions4(); + break; + case NFPROTO_IPV6: init_extensions6(); -#endif break; case NFPROTO_ARP: + init_extensionsa(); + break; case NFPROTO_BRIDGE: + init_extensionsb(); break; default: fprintf(stderr, "Unknown family %d\n", family); @@ -413,6 +418,7 @@ static const struct nft_xt_restore_cb ebt_restore_cb = { static const struct option ebt_restore_options[] = { {.name = "noflush", .has_arg = 0, .val = 'n'}, + {.name = "verbose", .has_arg = 0, .val = 'v'}, { 0 } }; @@ -426,15 +432,18 @@ int xtables_eb_restore_main(int argc, char *argv[]) struct nft_handle h; int c; - while ((c = getopt_long(argc, argv, "n", + while ((c = getopt_long(argc, argv, "nv", ebt_restore_options, NULL)) != -1) { switch(c) { case 'n': noflush = 1; break; + case 'v': + verbose++; + break; default: fprintf(stderr, - "Usage: ebtables-restore [ --noflush ]\n"); + "Usage: ebtables-restore [ --verbose ] [ --noflush ]\n"); exit(1); break; } |