diff options
author | Phil Sutter <phil@nwl.cc> | 2018-10-11 17:49:00 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-15 13:37:51 +0200 |
commit | 9e88aae28e9f44d010f3ecf7577357f4c0e7d622 (patch) | |
tree | e76ae3b1c7719ca9d5525acb4903d4843a8c0088 /src/monitor.c | |
parent | 90ed4fb3855f0d9d881b812c75e338e5e93081ba (diff) |
monitor: Use libnftables JSON output
This switches 'nft monitor' JSON output from using libnftnl's to
libnftables' implementation.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/monitor.c')
-rw-r--r-- | src/monitor.c | 281 |
1 files changed, 143 insertions, 138 deletions
diff --git a/src/monitor.c b/src/monitor.c index 3e70b89f..213c40d1 100644 --- a/src/monitor.c +++ b/src/monitor.c @@ -38,6 +38,7 @@ #include <utils.h> #include <erec.h> #include <iface.h> +#include <json.h> #define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__) @@ -127,18 +128,39 @@ static uint32_t netlink_msg2nftnl_of(uint32_t msg) case NFT_MSG_NEWSET: case NFT_MSG_NEWSETELEM: case NFT_MSG_NEWRULE: + case NFT_MSG_NEWOBJ: + case NFT_MSG_NEWFLOWTABLE: return NFTNL_OF_EVENT_NEW; case NFT_MSG_DELTABLE: case NFT_MSG_DELCHAIN: case NFT_MSG_DELSET: case NFT_MSG_DELSETELEM: case NFT_MSG_DELRULE: + case NFT_MSG_DELOBJ: + case NFT_MSG_DELFLOWTABLE: return NFTNL_OF_EVENT_DEL; } return 0; } +static const char *nftnl_of2cmd(uint32_t of) +{ + switch (of) { + case NFTNL_OF_EVENT_NEW: + return "add"; + case NFTNL_OF_EVENT_DEL: + return "delete"; + default: + return "???"; + } +} + +static const char *netlink_msg2cmd(uint32_t msg) +{ + return nftnl_of2cmd(netlink_msg2nftnl_of(msg)); +} + static void nlr_for_each_set(struct nftnl_rule *nlr, void (*cb)(struct set *s, void *data), void *data, struct nft_cache *cache) @@ -179,34 +201,29 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { struct nftnl_table *nlt; - uint32_t family; + struct table *t; + const char *cmd; nlt = netlink_table_alloc(nlh); + t = netlink_delinearize_table(monh->ctx, nlt); + cmd = netlink_msg2cmd(type); switch (monh->format) { case NFTNL_OUTPUT_DEFAULT: - if (type == NFT_MSG_NEWTABLE) { - nft_mon_print(monh, "add table "); - } else { - nft_mon_print(monh, "delete table "); - } + nft_mon_print(monh, "%s table ", cmd); - family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); - - nft_mon_print(monh, "%s %s", family2str(family), - nftnl_table_get_str(nlt, NFTNL_TABLE_NAME)); + nft_mon_print(monh, "%s %s", family2str(t->handle.family), + t->handle.table.name); if (monh->ctx->octx->handle > 0) nft_mon_print(monh, " # handle %" PRIu64 "", - nftnl_table_get_u64(nlt, NFTNL_TABLE_HANDLE)); - nft_mon_print(monh, "\n"); + t->handle.handle.id); break; case NFTNL_OUTPUT_JSON: - nftnl_table_fprintf(monh->ctx->octx->output_fp, nlt, - monh->format, netlink_msg2nftnl_of(type)); - nft_mon_print(monh, "\n"); + monitor_print_table_json(monh, cmd, t); break; } - + nft_mon_print(monh, "\n"); + table_free(t); nftnl_table_free(nlt); return MNL_CB_OK; } @@ -216,35 +233,34 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, { struct nftnl_chain *nlc; struct chain *c; - uint32_t family; + const char *cmd; nlc = netlink_chain_alloc(nlh); + c = netlink_delinearize_chain(monh->ctx, nlc); + cmd = netlink_msg2cmd(type); switch (monh->format) { case NFTNL_OUTPUT_DEFAULT: + nft_mon_print(monh, "%s ", cmd); + switch (type) { case NFT_MSG_NEWCHAIN: - nft_mon_print(monh, "add "); - - c = netlink_delinearize_chain(monh->ctx, nlc); chain_print_plain(c, monh->ctx->octx); - chain_free(c); break; case NFT_MSG_DELCHAIN: - family = nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY); - nft_mon_print(monh, "delete chain %s %s %s\n", family2str(family), - nftnl_chain_get_str(nlc, NFTNL_CHAIN_TABLE), - nftnl_chain_get_str(nlc, NFTNL_CHAIN_NAME)); + nft_mon_print(monh, "chain %s %s %s", + family2str(c->handle.family), + c->handle.table.name, + c->handle.chain.name); break; } break; case NFTNL_OUTPUT_JSON: - nftnl_chain_fprintf(monh->ctx->octx->output_fp, nlc, - monh->format, netlink_msg2nftnl_of(type)); - nft_mon_print(monh, "\n"); + monitor_print_chain_json(monh, cmd, c); break; } - + nft_mon_print(monh, "\n"); + chain_free(c); nftnl_chain_free(nlc); return MNL_CB_OK; } @@ -253,43 +269,44 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { struct nftnl_set *nls; + const char *family, *cmd; struct set *set; - uint32_t family, flags; + uint32_t flags; nls = netlink_set_alloc(nlh); flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS); if (flags & NFT_SET_ANONYMOUS) goto out; + set = netlink_delinearize_set(monh->ctx, nls); + if (set == NULL) { + nftnl_set_free(nls); + return MNL_CB_ERROR; + } + family = family2str(set->handle.family); + cmd = netlink_msg2cmd(type); + switch (monh->format) { case NFTNL_OUTPUT_DEFAULT: + nft_mon_print(monh, "%s ", cmd); + switch (type) { case NFT_MSG_NEWSET: - nft_mon_print(monh, "add "); - set = netlink_delinearize_set(monh->ctx, nls); - if (set == NULL) { - nftnl_set_free(nls); - return MNL_CB_ERROR; - } set_print_plain(set, monh->ctx->octx); - set_free(set); - nft_mon_print(monh, "\n"); break; case NFT_MSG_DELSET: - family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); - nft_mon_print(monh, "delete set %s %s %s\n", - family2str(family), - nftnl_set_get_str(nls, NFTNL_SET_TABLE), - nftnl_set_get_str(nls, NFTNL_SET_NAME)); + nft_mon_print(monh, "set %s %s %s", family, + set->handle.table.name, + set->handle.set.name); break; } break; case NFTNL_OUTPUT_JSON: - nftnl_set_fprintf(monh->ctx->octx->output_fp, nls, - monh->format, netlink_msg2nftnl_of(type)); - nft_mon_print(monh, "\n"); + monitor_print_set_json(monh, cmd, set); break; } + nft_mon_print(monh, "\n"); + set_free(set); out: nftnl_set_free(nls); return MNL_CB_OK; @@ -360,13 +377,14 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, struct nftnl_set *nls; struct set *dummyset; struct set *set; - const char *setname, *table; + const char *setname, *table, *cmd; uint32_t family; nls = netlink_setelem_alloc(nlh); table = nftnl_set_get_str(nls, NFTNL_SET_TABLE); setname = nftnl_set_get_str(nls, NFTNL_SET_NAME); family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); + cmd = netlink_msg2cmd(type); set = set_lookup_global(family, table, setname, monh->cache); if (set == NULL) { @@ -374,70 +392,63 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, goto out; } - switch (monh->format) { - case NFTNL_OUTPUT_DEFAULT: - if (set->flags & NFT_SET_ANONYMOUS) - goto out; - - /* we want to 'delinearize' the set_elem, but don't - * modify the original cached set. This path is only - * used by named sets, so use a dummy set. - */ - dummyset = set_alloc(monh->loc); - dummyset->key = expr_clone(set->key); - dummyset->datatype = set->datatype; - dummyset->flags = set->flags; - dummyset->init = set_expr_alloc(monh->loc, set); + if (set->flags & NFT_SET_ANONYMOUS) + goto out; - nlsei = nftnl_set_elems_iter_create(nls); - if (nlsei == NULL) - memory_allocation_error(); + /* we want to 'delinearize' the set_elem, but don't + * modify the original cached set. This path is only + * used by named sets, so use a dummy set. + */ + dummyset = set_alloc(monh->loc); + dummyset->key = expr_clone(set->key); + dummyset->datatype = set->datatype; + dummyset->flags = set->flags; + dummyset->init = set_expr_alloc(monh->loc, set); - nlse = nftnl_set_elems_iter_next(nlsei); - while (nlse != NULL) { - if (netlink_event_ignore_range_event(nlse)) { - set_free(dummyset); - nftnl_set_elems_iter_destroy(nlsei); - goto out; - } - if (netlink_delinearize_setelem(nlse, dummyset, - monh->cache) < 0) { - set_free(dummyset); - nftnl_set_elems_iter_destroy(nlsei); - goto out; - } - nlse = nftnl_set_elems_iter_next(nlsei); - } - nftnl_set_elems_iter_destroy(nlsei); + nlsei = nftnl_set_elems_iter_create(nls); + if (nlsei == NULL) + memory_allocation_error(); - if (netlink_event_range_cache(set, dummyset)) { + nlse = nftnl_set_elems_iter_next(nlsei); + while (nlse != NULL) { + if (netlink_event_ignore_range_event(nlse)) { set_free(dummyset); + nftnl_set_elems_iter_destroy(nlsei); goto out; } - - switch (type) { - case NFT_MSG_NEWSETELEM: - nft_mon_print(monh, "add "); - break; - case NFT_MSG_DELSETELEM: - nft_mon_print(monh, "delete "); - break; - default: + if (netlink_delinearize_setelem(nlse, dummyset, + monh->cache) < 0) { set_free(dummyset); + nftnl_set_elems_iter_destroy(nlsei); goto out; } - nft_mon_print(monh, "element %s %s %s ", family2str(family), table, setname); - expr_print(dummyset->init, monh->ctx->octx); - nft_mon_print(monh, "\n"); + nlse = nftnl_set_elems_iter_next(nlsei); + } + nftnl_set_elems_iter_destroy(nlsei); + if (netlink_event_range_cache(set, dummyset)) { set_free(dummyset); + goto out; + } + + switch (monh->format) { + case NFTNL_OUTPUT_DEFAULT: + nft_mon_print(monh, "%s element %s %s %s ", + cmd, family2str(family), table, setname); + expr_print(dummyset->init, monh->ctx->octx); break; case NFTNL_OUTPUT_JSON: - nftnl_set_fprintf(monh->ctx->octx->output_fp, nls, - monh->format, netlink_msg2nftnl_of(type)); - nft_mon_print(monh, "\n"); + dummyset->handle.family = family; + dummyset->handle.set.name = setname; + dummyset->handle.table.name = table; + monitor_print_element_json(monh, cmd, dummyset); + /* prevent set_free() from trying to free those */ + dummyset->handle.set.name = NULL; + dummyset->handle.table.name = NULL; break; } + nft_mon_print(monh, "\n"); + set_free(dummyset); out: nftnl_set_free(nls); return MNL_CB_OK; @@ -446,43 +457,43 @@ out: static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { + const char *family, *cmd; struct nftnl_obj *nlo; - uint32_t family; struct obj *obj; nlo = netlink_obj_alloc(nlh); + obj = netlink_delinearize_obj(monh->ctx, nlo); + if (obj == NULL) { + nftnl_obj_free(nlo); + return MNL_CB_ERROR; + } + family = family2str(obj->handle.family); + cmd = netlink_msg2cmd(type); + switch (monh->format) { case NFTNL_OUTPUT_DEFAULT: + nft_mon_print(monh, "%s ", cmd); + switch (type) { case NFT_MSG_NEWOBJ: - nft_mon_print(monh, "add "); - obj = netlink_delinearize_obj(monh->ctx, nlo); - if (obj == NULL) { - nftnl_obj_free(nlo); - return MNL_CB_ERROR; - } obj_print_plain(obj, monh->ctx->octx); - obj_free(obj); - nft_mon_print(monh, "\n"); break; case NFT_MSG_DELOBJ: - family = nftnl_obj_get_u32(nlo, NFTNL_OBJ_FAMILY); - nft_mon_print(monh, "delete %s %s %s %s\n", - obj_type_name(nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE)), - family2str(family), - nftnl_obj_get_str(nlo, NFTNL_OBJ_TABLE), - nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME)); + nft_mon_print(monh, "%s %s %s %s", + obj_type_name(obj->type), + family, + obj->handle.table.name, + obj->handle.obj.name); break; } break; case NFTNL_OUTPUT_JSON: - nftnl_obj_fprintf(monh->ctx->octx->output_fp, nlo, - monh->format, netlink_msg2nftnl_of(type)); - nft_mon_print(monh, "\n"); + monitor_print_obj_json(monh, cmd, obj); break; } - + nft_mon_print(monh, "\n"); + obj_free(obj); nftnl_obj_free(nlo); return MNL_CB_OK; } @@ -496,48 +507,42 @@ static void rule_map_decompose_cb(struct set *s, void *data) static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { + const char *family, *cmd; struct nftnl_rule *nlr; - const char *family; - const char *table; - const char *chain; struct rule *r; - uint64_t handle; - uint32_t fam; nlr = netlink_rule_alloc(nlh); + r = netlink_delinearize_rule(monh->ctx, nlr); + nlr_for_each_set(nlr, rule_map_decompose_cb, NULL, monh->cache); + cmd = netlink_msg2cmd(type); + switch (monh->format) { case NFTNL_OUTPUT_DEFAULT: - fam = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); - family = family2str(fam); - table = nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE); - chain = nftnl_rule_get_str(nlr, NFTNL_RULE_CHAIN); - handle = nftnl_rule_get_u64(nlr, NFTNL_RULE_HANDLE); + family = family2str(r->handle.family); + + nft_mon_print(monh, "%s rule %s %s %s ", + cmd, + family, + r->handle.table.name, + r->handle.chain.name); switch (type) { case NFT_MSG_NEWRULE: - r = netlink_delinearize_rule(monh->ctx, nlr); - nlr_for_each_set(nlr, rule_map_decompose_cb, NULL, - monh->cache); - - nft_mon_print(monh, "add rule %s %s %s ", family, table, chain); rule_print(r, monh->ctx->octx); - nft_mon_print(monh, "\n"); - rule_free(r); break; case NFT_MSG_DELRULE: - nft_mon_print(monh, "delete rule %s %s %s handle %u\n", - family, table, chain, (unsigned int)handle); + nft_mon_print(monh, "handle %" PRIu64, + r->handle.handle.id); break; } break; case NFTNL_OUTPUT_JSON: - nftnl_rule_fprintf(monh->ctx->octx->output_fp, nlr, - monh->format, netlink_msg2nftnl_of(type)); - nft_mon_print(monh, "\n"); + monitor_print_rule_json(monh, cmd, r); break; } - + nft_mon_print(monh, "\n"); + rule_free(r); nftnl_rule_free(nlr); return MNL_CB_OK; } |