verbose output for ip xfrm command?

Question

I have an up script for strongswan that adds policies like this: ip xfrm policy add dir in src $PLUTO_PEER_CLIENT dst 0.0.0.0/0 proto any varl src $PLUTO_PEER dst $PLUTO_ME proto esp mode tunnel reqid $PLUTO_REQID level required priority 1500 mark 0xfffe

I want to log the output of that command to a log file but there seems to be no output or verbose switch?

this gives me nothing: ip xfrm policy add dir in src $PLUTO_PEER_CLIENT dst 0.0.0.0/0 proto any varl src $PLUTO_PEER dst $PLUTO_ME proto esp mode tunnel reqid $PLUTO_REQID level required priority 1500 mark 0xfffe >> /var/log/mylog.log

Output that includes the command that was run and if it succeeded or failed- like how verbose prettyuch always works — red888, Oct 09 '18 at 12:49

score 0 · Answer 1 · answered Oct 09 '18 at 16:23

iproute2 does not generate any output for modifying commands (like add or del) unless there is something wrong with the arguments or the kernel (e.g permission denied). In which case an error message is written to stderr (so to capture that you'd have to add 2>>&1 to your command, or directly redirect stderr to the log file without even changing stdout).

Whether the command was successful you can easily check via exit status ($? or via || <whatever should happen if the command fails> after the command) as that's documented to be 0 on success and 1 or 2 on failure (refer to man ip for details).

And to log/see the command that was executed you could probably just rely on the shell (see e.g. this question on stackoverflow.com), or e.g. wrap the command so it's first echoed to the log and then executed.

verbose output for ip xfrm command?

1 Answers1