Add line_num to filtering rules with DEBUG_PROXY

Error out unit tests if DEBUG_PROXY enabled, because we debug print
line_num if DEBUG_PROXY enabled. We cannot support line_num in expected
debug output, it would make things complicated with very little benefit.

src/filter.c

@@ -438,7 +438,7 @@ filter_macro_copy(macro_t *macro, const char *argv0, opts_t *opts)
 }
 
 int
-filter_rules_copy(filter_rule_t *rule, const char *argv0, opts_t *opts)
+filter_rule_copy(filter_rule_t *rule, const char *argv0, opts_t *opts)
 {
 	while (rule) {
 		filter_rule_t *r = malloc(sizeof(filter_rule_t));
@@ -603,7 +603,11 @@ filter_rule_str(filter_rule_t *rule)
 #ifndef WITHOUT_MIRROR
 				"|%s"
 #endif /* !WITHOUT_MIRROR */
-				", apply to=%s|%s|%s|%s|%s, precedence=%d%s%s",
+				", apply to=%s|%s|%s|%s|%s, precedence=%d"
+#ifdef DEBUG_PROXY
+				", line=%d"
+#endif /* DEBUG_PROXY */
+				"%s%s",
 				rule->site, STRORNONE(rule->port), STRORNONE(rule->ip),
 #ifndef WITHOUT_USERAUTH
 				STRORNONE(rule->user), STRORNONE(rule->desc),
@@ -625,7 +629,11 @@ filter_rule_str(filter_rule_t *rule)
 				rule->action.log_mirror ? (rule->action.log_mirror == 1 ? "!mirror" : "mirror") : "",
 #endif /* !WITHOUT_MIRROR */
 				rule->dstip ? "dstip" : "", rule->sni ? "sni" : "", rule->cn ? "cn" : "", rule->host ? "host" : "", rule->uri ? "uri" : "",
-				rule->action.precedence, strlen(copts_str) ? "\n  " : "", copts_str) < 0) {
+				rule->action.precedence,
+#ifdef DEBUG_PROXY
+				rule->action.line_num,
+#endif /* DEBUG_PROXY */
+				strlen(copts_str) ? "\n  " : "", copts_str) < 0) {
 			if (copts_str)
 				free(copts_str);
 			goto err;
@@ -673,7 +681,11 @@ filter_port_str(filter_port_list_t *port_list)
 #ifndef WITHOUT_MIRROR
 				"|%s"
 #endif /* !WITHOUT_MIRROR */
-				", precedence=%d%s%s)", STRORNONE(s), count,
+				", precedence=%d"
+#ifdef DEBUG_PROXY
+				", line=%d"
+#endif /* DEBUG_PROXY */
+				"%s%s)", STRORNONE(s), count,
 				port_list->port->port, port_list->port->all_ports ? "all_ports, " : "", port_list->port->exact ? "exact" : "substring",
 				port_list->port->action.divert ? "divert" : "", port_list->port->action.split ? "split" : "", port_list->port->action.pass ? "pass" : "", port_list->port->action.block ? "block" : "", port_list->port->action.match ? "match" : "",
 				port_list->port->action.log_connect ? (port_list->port->action.log_connect == 1 ? "!connect" : "connect") : "", port_list->port->action.log_master ? (port_list->port->action.log_master == 1 ? "!master" : "master") : "",
@@ -683,6 +695,9 @@ filter_port_str(filter_port_list_t *port_list)
 				port_list->port->action.log_mirror ? (port_list->port->action.log_mirror == 1 ? "!mirror" : "mirror") : "",
 #endif /* !WITHOUT_MIRROR */
 				port_list->port->action.precedence,
+#ifdef DEBUG_PROXY
+				port_list->port->action.line_num,
+#endif /* DEBUG_PROXY */
 				strlen(copts_str) ? "\n            " : "", copts_str) < 0) {
 			if (copts_str)
 				free(copts_str);
@@ -765,7 +780,11 @@ filter_sites_str(filter_site_list_t *site_list)
 #ifndef WITHOUT_MIRROR
 				"|%s"
 #endif /* !WITHOUT_MIRROR */
-				", precedence=%d%s%s)%s%s%s%s%s%s",
+				", precedence=%d"
+#ifdef DEBUG_PROXY
+				", line=%d"
+#endif /* DEBUG_PROXY */
+				"%s%s)%s%s%s%s%s%s",
 				STRORNONE(s), count,
 				site_list->site->site, site_list->site->all_sites ? "all_sites, " : "", site_list->site->exact ? "exact" : "substring",
 				site_list->site->action.divert ? "divert" : "", site_list->site->action.split ? "split" : "", site_list->site->action.pass ? "pass" : "", site_list->site->action.block ? "block" : "", site_list->site->action.match ? "match" : "",
@@ -776,6 +795,9 @@ filter_sites_str(filter_site_list_t *site_list)
 				site_list->site->action.log_mirror ? (site_list->site->action.log_mirror == 1 ? "!mirror" : "mirror") : "",
 #endif /* !WITHOUT_MIRROR */
 				site_list->site->action.precedence,
+#ifdef DEBUG_PROXY
+				site_list->site->action.line_num,
+#endif /* DEBUG_PROXY */
 				strlen(copts_str) ? "\n        " : "", copts_str,
 				ports_exact ? "\n        port exact:" : "", STRORNONE(ports_exact),
 				ports_substring ? "\n        port substring:" : "", STRORNONE(ports_substring),
@@ -1411,7 +1433,11 @@ filter_rule_dbg_print(filter_rule_t *rule)
 #ifndef WITHOUT_MIRROR
 		"|%s"
 #endif /* !WITHOUT_MIRROR */
-		", apply to=%s|%s|%s|%s|%s, precedence=%d%s%s\n",
+		", apply to=%s|%s|%s|%s|%s, precedence=%d"
+#ifdef DEBUG_PROXY
+		", line=%d"
+#endif /* DEBUG_PROXY */
+		"%s%s\n",
 		rule->site, STRORNONE(rule->port), STRORNONE(rule->ip),
 #ifndef WITHOUT_USERAUTH
 		STRORNONE(rule->user), STRORNONE(rule->desc),
@@ -1433,7 +1459,11 @@ filter_rule_dbg_print(filter_rule_t *rule)
 		rule->action.log_mirror ? (rule->action.log_mirror == 1 ? "!mirror" : "mirror") : "",
 #endif /* !WITHOUT_MIRROR */
 		rule->dstip ? "dstip" : "", rule->sni ? "sni" : "", rule->cn ? "cn" : "", rule->host ? "host" : "", rule->uri ? "uri" : "",
-		rule->action.precedence, strlen(copts_str) ? "\n  " : "", copts_str);
+		rule->action.precedence,
+#ifdef DEBUG_PROXY
+		rule->action.line_num,
+#endif /* DEBUG_PROXY */
+		strlen(copts_str) ? "\n  " : "", copts_str);
 
 	free(copts_str);
 }
@@ -2011,6 +2041,10 @@ filter_rule_translate(opts_t *opts, const char *name, int argc, char **argv, uns
 		rule->uri = 1;
 	}
 
+#ifdef DEBUG_PROXY
+	rule->action.line_num = line_num;
+#endif /* DEBUG_PROXY */
+
 	append_list(&opts->filter_rules, rule, filter_rule_t);
 
 #ifdef DEBUG_OPTS
@@ -2506,6 +2540,10 @@ filter_rule_struct_translate_nvls(opts_t *opts, name_value_lines_t nvls[], int n
 		}
 	}
 
+#ifdef DEBUG_PROXY
+	rule->action.line_num = tmp_opts->line_num;
+#endif /* DEBUG_PROXY */
+
 	append_list(&opts->filter_rules, rule, filter_rule_t);
 
 #ifdef DEBUG_OPTS
@@ -2710,6 +2748,10 @@ load_filterrule_struct(opts_t *opts, conn_opts_t *conn_opts, const char *argv0,
 		goto err;
 	}
 
+#ifdef DEBUG_PROXY
+	tmp_opts->line_num = *line_num;
+#endif /* DEBUG_PROXY */
+
 	int closing_brace = 0;
 
 	while (!feof(f) && !closing_brace) {
@@ -2912,6 +2954,9 @@ filter_port_add(filter_site_t *site, filter_rule_t *rule, const char *argv0, tmp
 		}
 
 		port->action.precedence = rule->action.precedence;
+#ifdef DEBUG_PROXY
+		port->action.line_num = rule->action.line_num;
+#endif /* DEBUG_PROXY */
 	}
 	return 0;
 }
@@ -3058,6 +3103,9 @@ filter_site_add(kbtree_t(site) **btree, ACMachine(char) **acm, filter_site_t **a
 		}
 
 		site->action.precedence = rule->action.precedence;
+#ifdef DEBUG_PROXY
+		site->action.line_num = rule->action.line_num;
+#endif /* DEBUG_PROXY */
 	}
 	return 0;
 }

src/filter.h

@@ -113,6 +113,10 @@ typedef struct filter_action {
 	// Precedence is used in rule application
 	// More specific rules have higher precedence
 	unsigned int precedence;
+
+#ifdef DEBUG_PROXY
+	unsigned int line_num;
+#endif /* DEBUG_PROXY */
 } filter_action_t;
 
 typedef struct filter_rule {
@@ -294,7 +298,7 @@ void filter_rules_free(opts_t *) NONNULL(1);
 void filter_free(opts_t *) NONNULL(1);
 
 int filter_macro_copy(macro_t *, const char *, opts_t *) NONNULL(2,3) WUNRES;
-int filter_rules_copy(filter_rule_t *, const char *, opts_t *) NONNULL(2,3) WUNRES;
+int filter_rule_copy(filter_rule_t *, const char *, opts_t *) NONNULL(2,3) WUNRES;
 
 char *filter_macro_str(macro_t *);
 char *filter_rule_str(filter_rule_t *);

src/opts.c

@@ -534,6 +534,9 @@ tmp_opts_copy(tmp_opts_t *src_tmp_opts)
 		tmp_opts->dh_str = strdup(src_tmp_opts->dh_str);
 	tmp_opts->split = src_tmp_opts->split;
 	tmp_opts->include = src_tmp_opts->include;
+#ifdef DEBUG_PROXY
+	tmp_opts->line_num = src_tmp_opts->line_num;
+#endif /* DEBUG_PROXY */
 
 	return tmp_opts;
 }
@@ -669,7 +672,7 @@ global_opts_copy(global_t *global, const char *argv0)
 	if (filter_macro_copy(global->opts->macro, argv0, opts) == -1)
 		return oom_return_null(argv0);
 
-	if (filter_rules_copy(global->opts->filter_rules, argv0, opts) == -1)
+	if (filter_rule_copy(global->opts->filter_rules, argv0, opts) == -1)
 		return oom_return_null(argv0);
 
 	return opts;

src/opts.h

@@ -203,6 +203,9 @@ typedef struct tmp_opts {
 	unsigned int split : 1;
 	// Prevents Include option in include files
 	unsigned int include : 1;
+#ifdef DEBUG_PROXY
+	unsigned int line_num;
+#endif /* DEBUG_PROXY */
 } tmp_opts_t;
 
 struct global {

src/protohttp.c

@@ -396,27 +396,27 @@ protohttp_filter_match_host(pxy_conn_ctx_t *ctx, filter_list_t *list)
 		return NULL;
 
 #ifndef WITHOUT_USERAUTH
-	log_fine_va("Found site: %s for %s:%s, %s:%s, %s, %s, %s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s, %s, %s, %s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
 		STRORDASH(ctx->user), STRORDASH(ctx->desc), STRORDASH(http_ctx->http_host));
 #else /* WITHOUT_USERAUTH */
-	log_fine_va("Found site: %s for %s:%s, %s:%s, %s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s, %s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
 		STRORDASH(http_ctx->http_host));
 #endif /* WITHOUT_USERAUTH */
 
 	if (!site->port_btree && !site->port_acm && (site->action.precedence < ctx->filter_precedence)) {
-		log_finest_va("Rule precedence lower than conn filter precedence %d < %d: %s, %s", site->action.precedence, ctx->filter_precedence, site->site, http_ctx->http_host);
+		log_finest_va("Rule precedence lower than conn filter precedence %d < %d (line=%d): %s, %s", site->action.precedence, ctx->filter_precedence, site->action.line_num, site->site, http_ctx->http_host);
 		return NULL;
 	}
 
 #ifdef DEBUG_PROXY
 	if (site->all_sites)
-		log_finest_va("Match all host: %s, %s", site->site, http_ctx->http_host);
+		log_finest_va("Match all host (line=%d): %s, %s", site->action.line_num, site->site, http_ctx->http_host);
 	else if (site->exact)
-		log_finest_va("Match exact with host: %s, %s", site->site, http_ctx->http_host);
+		log_finest_va("Match exact with host (line=%d): %s, %s", site->action.line_num, site->site, http_ctx->http_host);
 	else
-		log_finest_va("Match substring in host: %s, %s", site->site, http_ctx->http_host);
+		log_finest_va("Match substring in host (line=%d): %s, %s", site->action.line_num, site->site, http_ctx->http_host);
 #endif /* DEBUG_PROXY */
 
 	filter_action_t *port_action = pxy_conn_filter_port(ctx, site);
@@ -436,27 +436,27 @@ protohttp_filter_match_uri(pxy_conn_ctx_t *ctx, filter_list_t *list)
 		return NULL;
 
 #ifndef WITHOUT_USERAUTH
-	log_fine_va("Found site: %s for %s:%s, %s:%s, %s, %s, %s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s, %s, %s, %s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
 		STRORDASH(ctx->user), STRORDASH(ctx->desc), STRORDASH(http_ctx->http_uri));
 #else /* WITHOUT_USERAUTH */
-	log_fine_va("Found site: %s for %s:%s, %s:%s, %s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s, %s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
 		STRORDASH(http_ctx->http_uri));
 #endif /* WITHOUT_USERAUTH */
 
 	if (!site->port_btree && !site->port_acm && (site->action.precedence < ctx->filter_precedence)) {
-		log_finest_va("Rule precedence lower than conn filter precedence %d < %d: %s, %s", site->action.precedence, ctx->filter_precedence, site->site, http_ctx->http_uri);
+		log_finest_va("Rule precedence lower than conn filter precedence %d < %d (line=%d): %s, %s", site->action.precedence, ctx->filter_precedence, site->action.line_num, site->site, http_ctx->http_uri);
 		return NULL;
 	}
 
 #ifdef DEBUG_PROXY
 	if (site->all_sites)
-		log_finest_va("Match all uri: %s, %s", site->site, http_ctx->http_uri);
+		log_finest_va("Match all uri (line=%d): %s, %s", site->action.line_num, site->site, http_ctx->http_uri);
 	else if (site->exact)
-		log_finest_va("Match exact with uri: %s, %s", site->site, http_ctx->http_uri);
+		log_finest_va("Match exact with uri (line=%d): %s, %s", site->action.line_num, site->site, http_ctx->http_uri);
 	else
-		log_finest_va("Match substring in uri: %s, %s", site->site, http_ctx->http_uri);
+		log_finest_va("Match substring in uri (line=%d): %s, %s", site->action.line_num, site->site, http_ctx->http_uri);
 #endif /* DEBUG_PROXY */
 
 	filter_action_t *port_action = pxy_conn_filter_port(ctx, site);

src/protossl.c

@@ -598,27 +598,27 @@ protossl_filter_match_sni(pxy_conn_ctx_t *ctx, filter_list_t *list)
 		return NULL;
 
 #ifndef WITHOUT_USERAUTH
-	log_fine_va("Found site: %s for %s:%s, %s:%s, %s, %s, %s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s, %s, %s, %s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
 		STRORDASH(ctx->user), STRORDASH(ctx->desc), STRORDASH(ctx->sslctx->sni));
 #else /* WITHOUT_USERAUTH */
-	log_fine_va("Found site: %s for %s:%s, %s:%s, %s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s, %s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
 		STRORDASH(ctx->sslctx->sni));
 #endif /* WITHOUT_USERAUTH */
 
 	if (!site->port_btree && !site->port_acm && (site->action.precedence < ctx->filter_precedence)) {
-		log_finest_va("Rule precedence lower than conn filter precedence %d < %d: %s, %s", site->action.precedence, ctx->filter_precedence, site->site, ctx->sslctx->sni);
+		log_finest_va("Rule precedence lower than conn filter precedence %d < %d (line=%d): %s, %s", site->action.precedence, ctx->filter_precedence, site->action.line_num, site->site, ctx->sslctx->sni);
 		return NULL;
 	}
 
 #ifdef DEBUG_PROXY
 	if (site->all_sites)
-		log_finest_va("Match all sni: %s, %s", site->site, ctx->sslctx->sni);
+		log_finest_va("Match all sni (line=%d): %s, %s", site->action.line_num, site->site, ctx->sslctx->sni);
 	else if (site->exact)
-		log_finest_va("Match exact with sni: %s, %s", site->site, ctx->sslctx->sni);
+		log_finest_va("Match exact with sni (line=%d): %s, %s", site->action.line_num, site->site, ctx->sslctx->sni);
 	else
-		log_finest_va("Match substring in sni: %s, %s", site->site, ctx->sslctx->sni);
+		log_finest_va("Match substring in sni (line=%d): %s, %s", site->action.line_num, site->site, ctx->sslctx->sni);
 #endif /* DEBUG_PROXY */
 
 	filter_action_t *port_action = pxy_conn_filter_port(ctx, site);
@@ -660,7 +660,7 @@ protossl_filter_match_cn(pxy_conn_ctx_t *ctx, filter_list_t *list)
 			if (argc++ < MAX_CN_TOKENS) {
 				site = filter_site_exact_match(list->cn_btree, p);
 				if (site) {
-					log_finest_va("Match exact with common name (%d): %s, %s", argc, p, ctx->sslctx->ssl_names);
+					log_finest_va("Match exact with common name (%d) (line=%d): %s, %s", argc, site->action.line_num, p, ctx->sslctx->ssl_names);
 					break;
 				}
 			}
@@ -674,29 +674,29 @@ protossl_filter_match_cn(pxy_conn_ctx_t *ctx, filter_list_t *list)
 	if (!site) {
 		site = filter_site_substring_match(list->cn_acm, ctx->sslctx->ssl_names);
 		if (site)
-			log_finest_va("Match substring in common names: %s, %s", site->site, ctx->sslctx->ssl_names);
+			log_finest_va("Match substring in common names (line=%d): %s, %s", site->action.line_num, site->site, ctx->sslctx->ssl_names);
 	}
 
 	if (!site)
 		return NULL;
 
 #ifndef WITHOUT_USERAUTH
-	log_fine_va("Found site: %s for %s:%s, %s:%s, %s, %s, %s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s, %s, %s, %s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
 		STRORDASH(ctx->user), STRORDASH(ctx->desc), STRORDASH(ctx->sslctx->ssl_names));
 #else /* WITHOUT_USERAUTH */
-	log_fine_va("Found site: %s for %s:%s, %s:%s, %s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s, %s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
 		STRORDASH(ctx->sslctx->ssl_names));
 #endif /* WITHOUT_USERAUTH */
 
 	if (!site->port_btree && !site->port_acm && (site->action.precedence < ctx->filter_precedence)) {
-		log_finest_va("Rule precedence lower than conn filter precedence %d < %d: %s, %s", site->action.precedence, ctx->filter_precedence, site->site, ctx->sslctx->ssl_names);
+		log_finest_va("Rule precedence lower than conn filter precedence %d < %d (line=%d): %s, %s", site->action.precedence, ctx->filter_precedence, site->action.line_num, site->site, ctx->sslctx->ssl_names);
 		return NULL;
 	}
 
 	if (site->all_sites)
-		log_finest_va("Match all common names: %s, %s", site->site, ctx->sslctx->ssl_names);
+		log_finest_va("Match all common names (line=%d): %s, %s", site->action.line_num, site->site, ctx->sslctx->ssl_names);
 
 	filter_action_t *port_action = pxy_conn_filter_port(ctx, site);
 	if (port_action)

src/pxyconn.c

@@ -1643,22 +1643,22 @@ pxy_conn_filter_match_ip(pxy_conn_ctx_t *ctx, filter_list_t *list)
 	if (!site)
 		return NULL;
 
-	log_fine_va("Found site: %s for %s:%s, %s:%s", site->site,
+	log_fine_va("Found site (line=%d): %s for %s:%s, %s:%s", site->action.line_num, site->site,
 		STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str));
 
 	// Port spec determines the precedence of a site rule, unless the rule does not have any port
 	if (!site->port_btree && !site->port_acm && (site->action.precedence < ctx->filter_precedence)) {
-		log_finest_va("Rule precedence lower than conn filter precedence %d < %d: %s, %s", site->action.precedence, ctx->filter_precedence, site->site, ctx->dsthost_str);
+		log_finest_va("Rule precedence lower than conn filter precedence %d < %d (line=%d): %s, %s", site->action.precedence, ctx->filter_precedence, site->action.line_num, site->site, ctx->dsthost_str);
 		return NULL;
 	}
 
 #ifdef DEBUG_PROXY
 	if (site->all_sites)
-		log_finest_va("Match all dst: %s, %s", site->site, ctx->dsthost_str);
+		log_finest_va("Match all dst (line=%d): %s, %s", site->action.line_num, site->site, ctx->dsthost_str);
 	else if (site->exact)
-		log_finest_va("Match exact with dst: %s, %s", site->site, ctx->dsthost_str);
+		log_finest_va("Match exact with dst (line=%d): %s, %s", site->action.line_num, site->site, ctx->dsthost_str);
 	else
-		log_finest_va("Match substring in dst: %s, %s", site->site, ctx->dsthost_str);
+		log_finest_va("Match substring in dst (line=%d): %s, %s", site->action.line_num, site->site, ctx->dsthost_str);
 #endif /* DEBUG_PROXY */
 
 	filter_action_t *port_action = pxy_conn_filter_port(ctx, site);
@@ -2210,7 +2210,7 @@ pxy_conn_set_filter_action(filter_action_t *a1, filter_action_t *a2
 #ifdef DEBUG_PROXY
 		site = s2;
 		if (a1 &&  a2 && (a1->precedence < a2->precedence))
-			log_finest_va("Rule 2 has higher precedence than rule 1: %d > %d, %s, %s", a2->precedence, a1->precedence, s2, s1);
+			log_finest_va("Rule 2 has higher precedence than rule 1: %d > %d (line=%d, %d), %s, %s", a2->precedence, a1->precedence, a2->line_num, a1->line_num, s2, s1);
 #endif /* DEBUG_PROXY */
 	} else {
 		a = a1;
@@ -2221,44 +2221,44 @@ pxy_conn_set_filter_action(filter_action_t *a1, filter_action_t *a2
 
 #ifdef DEBUG_PROXY
 	if (a->divert) {
-		log_fine_va("Filter divert action for %s, precedence %d", site, a->precedence);
+		log_fine_va("Filter divert action for %s, precedence %d (line=%d)", site, a->precedence, a->line_num);
 	}
 	else if (a->split) {
-		log_fine_va("Filter split action for %s, precedence %d", site, a->precedence);
+		log_fine_va("Filter split action for %s, precedence %d (line=%d)", site, a->precedence, a->line_num);
 	}
 	else if (a->pass) {
 		// Ignore pass action if already in passthrough mode
 		if (!ctx->pass) {
-			log_fine_va("Filter pass action for %s, precedence %d", site, a->precedence);
+			log_fine_va("Filter pass action for %s, precedence %d (line=%d)", site, a->precedence, a->line_num);
 		}
 	}
 	else if (a->block) {
-		log_fine_va("Filter block action for %s, precedence %d", site, a->precedence);
+		log_fine_va("Filter block action for %s, precedence %d (line=%d)", site, a->precedence, a->line_num);
 	}
 	else if (a->match) {
-		log_fine_va("Filter match action for %s, precedence %d", site, a->precedence);
+		log_fine_va("Filter match action for %s, precedence %d (line=%d)", site, a->precedence, a->line_num);
 	}
 
 	// Multiple log actions can be defined, hence no 'else'
 	// 0: don't change, 1: disable, 2: enable
 	if (a->log_connect) {
-		log_fine_va("Filter %s connect log for %s, precedence %d", a->log_connect % 2 ? "disable" : "enable", site, a->precedence);
+		log_fine_va("Filter %s connect log for %s, precedence %d (line=%d)", a->log_connect % 2 ? "disable" : "enable", site, a->precedence, a->line_num);
 	}
 	if (a->log_master) {
-		log_fine_va("Filter %s master log for %s, precedence %d", a->log_master % 2 ? "disable" : "enable", site, a->precedence);
+		log_fine_va("Filter %s master log for %s, precedence %d (line=%d)", a->log_master % 2 ? "disable" : "enable", site, a->precedence, a->line_num);
 	}
 	if (a->log_cert) {
-		log_fine_va("Filter %s cert log for %s, precedence %d", a->log_cert % 2 ? "disable" : "enable", site, a->precedence);
+		log_fine_va("Filter %s cert log for %s, precedence %d (line=%d)", a->log_cert % 2 ? "disable" : "enable", site, a->precedence, a->line_num);
 	}
 	if (a->log_content) {
-		log_fine_va("Filter %s content log for %s, precedence %d", a->log_content % 2 ? "disable" : "enable", site, a->precedence);
+		log_fine_va("Filter %s content log for %s, precedence %d (line=%d)", a->log_content % 2 ? "disable" : "enable", site, a->precedence, a->line_num);
 	}
 	if (a->log_pcap) {
-		log_fine_va("Filter %s pcap log for %s, precedence %d", a->log_pcap % 2 ? "disable" : "enable", site, a->precedence);
+		log_fine_va("Filter %s pcap log for %s, precedence %d (line=%d)", a->log_pcap % 2 ? "disable" : "enable", site, a->precedence, a->line_num);
 	}
 #ifndef WITHOUT_MIRROR
 	if (a->log_mirror) {
-		log_fine_va("Filter %s mirror log for %s, precedence %d", a->log_mirror % 2 ? "disable" : "enable", site, a->precedence);
+		log_fine_va("Filter %s mirror log for %s, precedence %d (line=%d)", a->log_mirror % 2 ? "disable" : "enable", site, a->precedence, a->line_num);
 	}
 #endif /* !WITHOUT_MIRROR */
 #endif /* DEBUG_PROXY */
@@ -2269,17 +2269,17 @@ static int NONNULL(1,2)
 pxy_conn_filter_match_port(pxy_conn_ctx_t *ctx, filter_port_t *port)
 {
 	if (port->action.precedence < ctx->filter_precedence) {
-		log_finest_va("Rule port precedence lower than conn filter precedence %d < %d: %s, %s", port->action.precedence, ctx->filter_precedence, port->port, ctx->dsthost_str);
+		log_finest_va("Rule port precedence lower than conn filter precedence %d < %d (line=%d): %s, %s", port->action.precedence, ctx->filter_precedence, port->action.line_num, port->port, ctx->dsthost_str);
 		return 0;
 	}
 
 #ifdef DEBUG_PROXY
 	if (port->all_ports)
-		log_finest_va("Match all dst ports: %s, %s", port->port, ctx->dstport_str);
+		log_finest_va("Match all dst ports (line=%d): %s, %s", port->action.line_num, port->port, ctx->dstport_str);
 	else if (port->exact)
-		log_finest_va("Match exact with dst port: %s, %s", port->port, ctx->dstport_str);
+		log_finest_va("Match exact with dst port (line=%d): %s, %s", port->action.line_num, port->port, ctx->dstport_str);
 	else
-		log_finest_va("Match substring in dst port: %s, %s", port->port, ctx->dstport_str);
+		log_finest_va("Match substring in dst port (line=%d): %s, %s", port->action.line_num, port->port, ctx->dstport_str);
 #endif /* DEBUG_PROXY */
 
 	return 1;
@@ -2290,7 +2290,7 @@ pxy_conn_filter_port(pxy_conn_ctx_t *ctx, filter_site_t *site)
 {
 	filter_port_t *port = filter_port_find(site, ctx->dstport_str);
 	if (port) {
-		log_fine_va("Found port: %s for %s:%s, %s:%s", port->port,
+		log_fine_va("Found port (line=%d): %s for %s:%s, %s:%s", port->action.line_num, port->port,
 			STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str));
 		if (pxy_conn_filter_match_port(ctx, port))
 			return &port->action;

tests/check/GNUmakefile

@@ -34,6 +34,10 @@ buildtest: $(TARGET).test
 	$(MAKE) -C engine
 	$(MAKE) -C pki testreqs
 
+ifeq ($(findstring -DDEBUG_PROXY,$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "Features: ")),-DDEBUG_PROXY)
+$(error Unit tests cannot run with DEBUG_PROXY feature enabled, disable DEBUG_PROXY feature in main makefile and try again)
+endif
+
 test: buildtest
 	./$(TARGET).test