diff options
author | Erik Kline <ek@google.com> | 2016-09-28 17:26:26 +0900 |
---|---|---|
committer | Erik Kline <ek@google.com> | 2016-09-28 20:20:38 +0900 |
commit | 53ca94ab3422c278830f96752cab932c1f038a7d (patch) | |
tree | 77a02d3c858fb04d90b70158cfbf787ba6fc5aab | |
parent | d3b809baff20a2ff7e41f4add801f71cce0665f7 (diff) | |
download | native-53ca94ab3422c278830f96752cab932c1f038a7d.tar.gz |
Add "ip xfrm policy" to dumpstate output
Bug: 30869013
Change-Id: I1f0e5d820f0153484c38ecb0f9c764fca02d786c
-rw-r--r-- | cmds/dumpstate/dumpstate.cpp | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/cmds/dumpstate/dumpstate.cpp b/cmds/dumpstate/dumpstate.cpp index 6fa42f3aea..538f0b4330 100644 --- a/cmds/dumpstate/dumpstate.cpp +++ b/cmds/dumpstate/dumpstate.cpp @@ -687,12 +687,12 @@ static bool add_text_zip_entry(const std::string& entry_name, const std::string& static void dump_iptables() { run_command("IPTABLES", 10, "iptables", "-L", "-nvx", NULL); run_command("IP6TABLES", 10, "ip6tables", "-L", "-nvx", NULL); - run_command("IPTABLE NAT", 10, "iptables", "-t", "nat", "-L", "-nvx", NULL); + run_command("IPTABLES NAT", 10, "iptables", "-t", "nat", "-L", "-nvx", NULL); /* no ip6 nat */ - run_command("IPTABLE MANGLE", 10, "iptables", "-t", "mangle", "-L", "-nvx", NULL); - run_command("IP6TABLE MANGLE", 10, "ip6tables", "-t", "mangle", "-L", "-nvx", NULL); - run_command("IPTABLE RAW", 10, "iptables", "-t", "raw", "-L", "-nvx", NULL); - run_command("IP6TABLE RAW", 10, "ip6tables", "-t", "raw", "-L", "-nvx", NULL); + run_command("IPTABLES MANGLE", 10, "iptables", "-t", "mangle", "-L", "-nvx", NULL); + run_command("IP6TABLES MANGLE", 10, "ip6tables", "-t", "mangle", "-L", "-nvx", NULL); + run_command("IPTABLES RAW", 10, "iptables", "-t", "raw", "-L", "-nvx", NULL); + run_command("IP6TABLES RAW", 10, "ip6tables", "-t", "raw", "-L", "-nvx", NULL); } static void dumpstate(const std::string& screenshot_path, const std::string& version) { @@ -1373,6 +1373,9 @@ int main(int argc, char *argv[]) { add_mountinfo(); dump_iptables(); + // Capture any IPSec policies in play. No keys are exposed here. + run_command("IP XFRM POLICY", 10, "ip", "xfrm", "policy", nullptr); + // Run ss as root so we can see socket marks. run_command("DETAILED SOCKET STATE", 10, "ss", "-eionptu", NULL); |