From 531284a3a5757e6fa2c656a64c7dabb9d7edbfa3 Mon Sep 17 00:00:00 2001 From: Daniel Wagner Date: Tue, 12 Mar 2013 18:16:43 +0100 Subject: iptables: Improve debug log output We need to see a bit more in detail what happens when CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing during bootup. Also remove the DBG() from parse_rule_spec() because all callers already have a DBG(). So not much additional information here. --- src/iptables.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'src/iptables.c') diff --git a/src/iptables.c b/src/iptables.c index 24e19842..1c544e5f 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -160,6 +160,7 @@ struct connman_iptables_entry { }; struct connman_iptables { + char *name; int ipt_sock; struct ipt_getinfo *info; @@ -521,6 +522,8 @@ static int iptables_flush_chain(struct connman_iptables *table, struct connman_iptables_entry *entry; int builtin, removed = 0; + DBG("table %s chain %s", table->name, name); + chain_head = find_chain_head(table, name); if (chain_head == NULL) return -EINVAL; @@ -585,6 +588,8 @@ static int iptables_add_chain(struct connman_iptables *table, struct ipt_standard_target *standard; u_int16_t entry_head_size, entry_return_size; + DBG("table %s chain %s", table->name, name); + last = g_list_last(table->entries); /* @@ -652,6 +657,8 @@ static int iptables_delete_chain(struct connman_iptables *table, struct connman_iptables_entry *entry; GList *chain_head, *chain_tail; + DBG("table %s chain %s", table->name, name); + chain_head = find_chain_head(table, name); if (chain_head == NULL) return -EINVAL; @@ -806,6 +813,8 @@ static int iptables_append_rule(struct connman_iptables *table, int builtin = -1, ret; GList *chain_tail; + DBG("table %s chain %s", table->name, chain_name); + chain_tail = find_chain_tail(table, chain_name); if (chain_tail == NULL) return -EINVAL; @@ -993,6 +1002,8 @@ static int iptables_delete_rule(struct connman_iptables *table, GList *chain_head, *chain_tail, *list; int builtin, removed; + DBG("table %s chain %s", table->name, chain_name); + removed = 0; chain_head = find_chain_head(table, chain_name); @@ -1057,6 +1068,8 @@ static int iptables_change_policy(struct connman_iptables *table, struct xt_standard_target *t; int verdict; + DBG("table %s chain %s policy %s", table->name, chain_name, policy); + verdict = target_to_verdict(policy); switch (verdict) { case -NF_ACCEPT - 1: @@ -1377,6 +1390,7 @@ static void table_cleanup(struct connman_iptables *table) } g_list_free(table->entries); + g_free(table->name); g_free(table->info); g_free(table->blob_entries); g_free(table); @@ -1671,7 +1685,8 @@ static struct connman_iptables *pre_load_table(const char *table_name, if (table == NULL) return NULL; - g_hash_table_insert(table_hash, g_strdup(table_name), table); + table->name = g_strdup(table_name); + g_hash_table_replace(table_hash, table->name, table); return table; } @@ -1851,8 +1866,6 @@ static int parse_rule_spec(struct connman_iptables *table, connman_bool_t invert = FALSE; int len, c, err; - DBG(""); - ctx->ip = g_try_new0(struct ipt_ip, 1); if (ctx->ip == NULL) return -ENOMEM; @@ -2288,7 +2301,7 @@ int __connman_iptables_init(void) debug_enabled = TRUE; table_hash = g_hash_table_new_full(g_str_hash, g_str_equal, - g_free, remove_table); + NULL, remove_table); xtables_init_all(&iptables_globals, NFPROTO_IPV4); -- cgit v1.2.3