diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2016-09-30 17:00:16 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2016-09-30 17:00:17 +0000 |
commit | a4bb5c7173ceaf58893924e84187bb97c88d10a1 (patch) | |
tree | 1ee2086cc1e1f5938430cfe85bf93973b7433a86 | |
parent | d6e9946cdd57a92c9bc86ba97a4ca42078153008 (diff) | |
parent | 53ca94ab3422c278830f96752cab932c1f038a7d (diff) | |
download | native-a4bb5c7173ceaf58893924e84187bb97c88d10a1.tar.gz |
Merge "Add "ip xfrm policy" to dumpstate output" into nyc-mr1-dev
-rw-r--r-- | cmds/dumpstate/dumpstate.cpp | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/cmds/dumpstate/dumpstate.cpp b/cmds/dumpstate/dumpstate.cpp index 6fa42f3aea..538f0b4330 100644 --- a/cmds/dumpstate/dumpstate.cpp +++ b/cmds/dumpstate/dumpstate.cpp @@ -687,12 +687,12 @@ static bool add_text_zip_entry(const std::string& entry_name, const std::string& static void dump_iptables() { run_command("IPTABLES", 10, "iptables", "-L", "-nvx", NULL); run_command("IP6TABLES", 10, "ip6tables", "-L", "-nvx", NULL); - run_command("IPTABLE NAT", 10, "iptables", "-t", "nat", "-L", "-nvx", NULL); + run_command("IPTABLES NAT", 10, "iptables", "-t", "nat", "-L", "-nvx", NULL); /* no ip6 nat */ - run_command("IPTABLE MANGLE", 10, "iptables", "-t", "mangle", "-L", "-nvx", NULL); - run_command("IP6TABLE MANGLE", 10, "ip6tables", "-t", "mangle", "-L", "-nvx", NULL); - run_command("IPTABLE RAW", 10, "iptables", "-t", "raw", "-L", "-nvx", NULL); - run_command("IP6TABLE RAW", 10, "ip6tables", "-t", "raw", "-L", "-nvx", NULL); + run_command("IPTABLES MANGLE", 10, "iptables", "-t", "mangle", "-L", "-nvx", NULL); + run_command("IP6TABLES MANGLE", 10, "ip6tables", "-t", "mangle", "-L", "-nvx", NULL); + run_command("IPTABLES RAW", 10, "iptables", "-t", "raw", "-L", "-nvx", NULL); + run_command("IP6TABLES RAW", 10, "ip6tables", "-t", "raw", "-L", "-nvx", NULL); } static void dumpstate(const std::string& screenshot_path, const std::string& version) { @@ -1373,6 +1373,9 @@ int main(int argc, char *argv[]) { add_mountinfo(); dump_iptables(); + // Capture any IPSec policies in play. No keys are exposed here. + run_command("IP XFRM POLICY", 10, "ip", "xfrm", "policy", nullptr); + // Run ss as root so we can see socket marks. run_command("DETAILED SOCKET STATE", 10, "ss", "-eionptu", NULL); |