authorPablo Neira Ayuso <pablo@netfilter.org>2017-08-02 12:43:04 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-08-02 15:03:31 +0200
commit9871458e20c941f08bc8a825ee24f2a868f875d2 (patch)
tree27821d176e7360241cd0f25bbe71d5491a2c75f6
parent119a49a5354c16208ec1bd24500a180bcbe86cd2 (diff)
src: handle rule tracing as an monitor object
Traces are not an event type, they should be handled as an object. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/rule.h1
-rw-r--r--src/evaluate.c31
-rw-r--r--src/parser_bison.y2
-rw-r--r--src/scanner.l1
4 files changed, 8 insertions, 27 deletions
diff --git a/include/rule.h b/include/rule.h
index e2200272..a0edda2f 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -397,6 +397,7 @@ enum {
CMD_MONITOR_OBJ_SETS,
CMD_MONITOR_OBJ_ELEMS,
CMD_MONITOR_OBJ_RULESET,
+ CMD_MONITOR_OBJ_TRACE,
CMD_MONITOR_OBJ_MAX
};
diff --git a/src/evaluate.c b/src/evaluate.c
index 959e8542..d24526fe 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3218,7 +3218,6 @@ enum {
CMD_MONITOR_EVENT_ANY,
CMD_MONITOR_EVENT_NEW,
CMD_MONITOR_EVENT_DEL,
- CMD_MONITOR_EVENT_TRACE,
CMD_MONITOR_EVENT_MAX
};
@@ -3247,6 +3246,7 @@ static uint32_t monitor_flags[CMD_MONITOR_EVENT_MAX][CMD_MONITOR_OBJ_MAX] = {
(1 << NFT_MSG_DELSETELEM) |
(1 << NFT_MSG_NEWOBJ) |
(1 << NFT_MSG_DELOBJ),
+ [CMD_MONITOR_OBJ_TRACE] = (1 << NFT_MSG_TRACE),
},
[CMD_MONITOR_EVENT_NEW] = {
[CMD_MONITOR_OBJ_ANY] = (1 << NFT_MSG_NEWTABLE) |
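Review bot: The new `[CMD_MONITOR_OBJ_TRACE]` entry in the `CMD_MONITOR_EVENT_ANY` row selects only `NFT_MSG_TRACE`, whereas the `CMD_MONITOR_EVENT_TRACE` row this commit removes also selected the table, chain and rule add/delete messages for its default object. If trace printing relies on those messages to keep the rules it displays current, `monitor trace` could now report against a stale ruleset; the handler is outside this diff, so that is an assumption to confirm. If the narrowing is intended, the commit message does not say so, and a comment on the entry would record it, e.g. `/* trace messages only; ruleset updates are deliberately not selected */`. The `monitor_flags` initializer starts and ends outside this hunk.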
@@ -3264,7 +3264,8 @@ static uint32_t monitor_flags[CMD_MONITOR_EVENT_MAX][CMD_MONITOR_OBJ_MAX] = {
(1 << NFT_MSG_NEWRULE) |
(1 << NFT_MSG_NEWSET) |
(1 << NFT_MSG_NEWSETELEM) |
- (1 << NFT_MSG_NEWOBJ)
+ (1 << NFT_MSG_NEWOBJ),
+ [CMD_MONITOR_OBJ_TRACE] = 0,
},
[CMD_MONITOR_EVENT_DEL] = {
[CMD_MONITOR_OBJ_ANY] = (1 << NFT_MSG_DELTABLE) |
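Review bot: `[CMD_MONITOR_OBJ_TRACE] = 0` in this row, and again in the `CMD_MONITOR_EVENT_DEL` row in the next hunk, means `monitor new trace` and `monitor destroy trace` are accepted by the grammar but resolve to an empty message mask. Presumably the monitor then runs and prints nothing, which an operator can misread as "no packets were traced". Rejecting the combination in `cmd_evaluate_monitor` once the event is known would make the failure visible, along the lines of `return monitor_error(ctx, cmd->monitor, "trace does not support event %s", cmd->monitor->event);`. How the mask is consumed lies outside the visible hunks, so confirm that before changing it.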
@@ -3283,29 +3284,7 @@ static uint32_t monitor_flags[CMD_MONITOR_EVENT_MAX][CMD_MONITOR_OBJ_MAX] = {
(1 << NFT_MSG_DELSET) |
(1 << NFT_MSG_DELSETELEM) |
(1 << NFT_MSG_DELOBJ),
- },
- [CMD_MONITOR_EVENT_TRACE] = {
- [CMD_MONITOR_OBJ_ANY] = (1 << NFT_MSG_NEWTABLE) |
- (1 << NFT_MSG_NEWCHAIN) |
- (1 << NFT_MSG_NEWRULE) |
- (1 << NFT_MSG_DELTABLE) |
- (1 << NFT_MSG_DELCHAIN) |
- (1 << NFT_MSG_DELRULE) |
- (1 << NFT_MSG_TRACE),
- [CMD_MONITOR_OBJ_TABLES] = (1 << NFT_MSG_NEWTABLE) |
- (1 << NFT_MSG_DELTABLE),
- [CMD_MONITOR_OBJ_CHAINS] = (1 << NFT_MSG_NEWCHAIN) |
- (1 << NFT_MSG_DELCHAIN),
- [CMD_MONITOR_OBJ_RULES] = (1 << NFT_MSG_NEWRULE) |
- (1 << NFT_MSG_DELRULE),
- [CMD_MONITOR_OBJ_RULESET] = (1 << NFT_MSG_NEWTABLE) |
- (1 << NFT_MSG_NEWCHAIN) |
- (1 << NFT_MSG_NEWRULE) |
- (1 << NFT_MSG_NEWOBJ) |
- (1 << NFT_MSG_DELTABLE) |
- (1 << NFT_MSG_DELCHAIN) |
- (1 << NFT_MSG_DELRULE) |
- (1 << NFT_MSG_DELOBJ),
+ [CMD_MONITOR_OBJ_TRACE] = 0,
},
};
@@ -3324,8 +3303,6 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd)
event = CMD_MONITOR_EVENT_NEW;
else if (strcmp(cmd->monitor->event, "destroy") == 0)
event = CMD_MONITOR_EVENT_DEL;
- else if (strcmp(cmd->monitor->event, "trace") == 0)
- event = CMD_MONITOR_EVENT_TRACE;
else {
return monitor_error(ctx, cmd->monitor, "invalid event %s",
cmd->monitor->event);
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 86baf23a..e7bb9097 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -194,6 +194,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token MAPS "maps"
%token HANDLE "handle"
%token RULESET "ruleset"
+%token TRACE "trace"
%token INET "inet"
%token NETDEV "netdev"
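Review bot: Declaring `TRACE` as a token, together with the `"trace" { return TRACE; }` rule added in src/scanner.l, reserves the word `trace` for the whole grammar, not only after `monitor`. If identifiers are matched as plain strings (the identifier rules are outside this diff), an existing ruleset that names a table, chain or set `trace` would stop parsing after this change. A ruleset that fails to load can leave a host without its filtering rules. Either accept the keyword wherever identifiers are allowed, or record the new reserved word in the commit message and user documentation.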
@@ -1196,6 +1197,7 @@ monitor_object : /* empty */ { $$ = CMD_MONITOR_OBJ_ANY; }
| RULES { $$ = CMD_MONITOR_OBJ_RULES; }
| ELEMENTS { $$ = CMD_MONITOR_OBJ_ELEMS; }
| RULESET { $$ = CMD_MONITOR_OBJ_RULESET; }
+ | TRACE { $$ = CMD_MONITOR_OBJ_TRACE; }
;
monitor_format : /* empty */ { $$ = NFTNL_OUTPUT_DEFAULT; }
diff --git a/src/scanner.l b/src/scanner.l
index 7d5437f1..b6ba32d8 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -250,6 +250,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"maps" { return MAPS; }
"handle" { return HANDLE; }
"ruleset" { return RULESET; }
+"trace" { return TRACE; }
"accept" { return ACCEPT; }
"drop" { return DROP; }