* [PATCH nft 1/2] monitor: display rule position handle
@ 2021-09-20 22:54 Pablo Neira Ayuso
2021-09-20 22:54 ` [PATCH nft 2/2] monitor: honor NLM_F_APPEND flag Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2021-09-20 22:54 UTC (permalink / raw)
To: netfilter-devel
This allow to locate the incremental update in the ruleset.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/monitor.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/monitor.c b/src/monitor.c
index 144fe96c2898..ffaa39b67304 100644
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -541,7 +541,10 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
family,
r->handle.table.name,
r->handle.chain.name);
-
+ if (r->handle.position.id) {
+ nft_mon_print(monh, "handle %" PRIu64" ",
+ r->handle.position.id);
+ }
switch (type) {
case NFT_MSG_NEWRULE:
rule_print(r, &monh->ctx->nft->output);
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH nft 2/2] monitor: honor NLM_F_APPEND flag
2021-09-20 22:54 [PATCH nft 1/2] monitor: display rule position handle Pablo Neira Ayuso
@ 2021-09-20 22:54 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2021-09-20 22:54 UTC (permalink / raw)
To: netfilter-devel
Print 'add' or 'insert' according to this netlink flag.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/monitor.c | 37 ++++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/src/monitor.c b/src/monitor.c
index ffaa39b67304..bb60a70a11ac 100644
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -40,6 +40,12 @@
#include <iface.h>
#include <json.h>
+enum {
+ NFT_OF_EVENT_ADD,
+ NFT_OF_EVENT_INSERT,
+ NFT_OF_EVENT_DEL,
+};
+
#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__)
struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh)
@@ -120,9 +126,9 @@ struct nftnl_obj *netlink_obj_alloc(const struct nlmsghdr *nlh)
return nlo;
}
-static uint32_t netlink_msg2nftnl_of(uint32_t msg)
+static uint32_t netlink_msg2nftnl_of(uint32_t type, uint16_t flags)
{
- switch (msg) {
+ switch (type) {
case NFT_MSG_NEWTABLE:
case NFT_MSG_NEWCHAIN:
case NFT_MSG_NEWSET:
@@ -130,7 +136,10 @@ static uint32_t netlink_msg2nftnl_of(uint32_t msg)
case NFT_MSG_NEWRULE:
case NFT_MSG_NEWOBJ:
case NFT_MSG_NEWFLOWTABLE:
- return NFTNL_OF_EVENT_NEW;
+ if (flags & NLM_F_APPEND)
+ return NFT_OF_EVENT_ADD;
+ else
+ return NFT_OF_EVENT_INSERT;
case NFT_MSG_DELTABLE:
case NFT_MSG_DELCHAIN:
case NFT_MSG_DELSET:
@@ -147,18 +156,20 @@ static uint32_t netlink_msg2nftnl_of(uint32_t msg)
static const char *nftnl_of2cmd(uint32_t of)
{
switch (of) {
- case NFTNL_OF_EVENT_NEW:
+ case NFT_OF_EVENT_ADD:
return "add";
- case NFTNL_OF_EVENT_DEL:
+ case NFT_OF_EVENT_INSERT:
+ return "insert";
+ case NFT_OF_EVENT_DEL:
return "delete";
default:
return "???";
}
}
-static const char *netlink_msg2cmd(uint32_t msg)
+static const char *netlink_msg2cmd(uint32_t type, uint16_t flags)
{
- return nftnl_of2cmd(netlink_msg2nftnl_of(msg));
+ return nftnl_of2cmd(netlink_msg2nftnl_of(type, flags));
}
static void nlr_for_each_set(struct nftnl_rule *nlr,
@@ -206,7 +217,7 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type,
nlt = netlink_table_alloc(nlh);
t = netlink_delinearize_table(monh->ctx, nlt);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
@@ -243,7 +254,7 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type,
nlc = netlink_chain_alloc(nlh);
c = netlink_delinearize_chain(monh->ctx, nlc);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
@@ -292,7 +303,7 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type,
return MNL_CB_ERROR;
}
family = family2str(set->handle.family);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
@@ -394,7 +405,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
table = nftnl_set_get_str(nls, NFTNL_SET_TABLE);
setname = nftnl_set_get_str(nls, NFTNL_SET_NAME);
family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache);
if (set == NULL) {
@@ -482,7 +493,7 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
return MNL_CB_ERROR;
}
family = family2str(obj->handle.family);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
@@ -530,7 +541,7 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
r = netlink_delinearize_rule(monh->ctx, nlr);
nlr_for_each_set(nlr, rule_map_decompose_cb, NULL,
&monh->ctx->nft->cache);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-20 22:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-20 22:54 [PATCH nft 1/2] monitor: display rule position handle Pablo Neira Ayuso
2021-09-20 22:54 ` [PATCH nft 2/2] monitor: honor NLM_F_APPEND flag Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).