author | Florian Westphal <fw@strlen.de> | 2018-06-20 23:06:04 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-06-26 15:16:56 +0200 |
commit | 78ba4ffdeacc9b31f7396d72c98907e861024653 (patch) | |
tree | 73f20c54ba353b08a7ccf2f0683c607e5f400782 /src/netlink.c | |
parent | b94e51f2d61657e1165ee64eccb3b237e624985d (diff) |
src: trace: fix policy printing
policy type is erroneously handled via verdict, this is wrong.
It is a different event type and needs to be handled as such.
before:
trace id 42b54e71 inet filter input packet: iif "lo" ip saddr 127.0.0.1 ..
trace id 42b54e71 inet filter input rule ip protocol icmp nftrace set 1 (verdict continue)
trace id 42b54e71 inet filter input verdict continue
trace id 42b54e71 inet filter input
after:
trace id 9f40c5c7 inet filter input packet: iif "lo" ip saddr 127.0.0.1 ..
trace id 9f40c5c7 inet filter input rule ip protocol icmp nftrace set 1 (verdict continue)
trace id 9f40c5c7 inet filter input verdict continue
trace id 9f40c5c7 inet filter input policy drop
Reported-by: vtol@gmx.net
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/netlink.c')
-rw-r--r-- | src/netlink.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 864947b4..394af2f0 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1704,7 +1704,22 @@ static void trace_print_verdict(const struct nftnl_trace *nlt,
 chain = xstrdup(nftnl_trace_get_str(nlt, NFTNL_TRACE_JUMP_TARGET));
 expr = verdict_expr_alloc(&netlink_location, verdict, chain);
- printf("verdict ");
+ nft_print(octx, "verdict ");
+ expr_print(expr, octx);
+ expr_free(expr);
+}
+
+static void trace_print_policy(const struct nftnl_trace *nlt,
+ struct output_ctx *octx)
+{
+ unsigned int policy;
+ struct expr *expr;
+
+ policy = nftnl_trace_get_u32(nlt, NFTNL_TRACE_POLICY);
+
+ expr = verdict_expr_alloc(&netlink_location, policy, NULL);
+
+ nft_print(octx, "policy ");
 expr_print(expr, octx);
 expr_free(expr);
 }
@@ -1920,6 +1935,20 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type,
 trace_print_rule(nlt, monh->ctx->octx, monh->cache);
 break;
 case NFT_TRACETYPE_POLICY:
+ trace_print_hdr(nlt, monh->ctx->octx);
+
+ if (nftnl_trace_is_set(nlt, NFTNL_TRACE_POLICY)) {
+ trace_print_policy(nlt, monh->ctx->octx);
+ nft_mon_print(monh, " ");
+ }
+
+ if (nftnl_trace_is_set(nlt, NFTNL_TRACE_MARK))
+ trace_print_expr(nlt, NFTNL_TRACE_MARK,
+ meta_expr_alloc(&netlink_location,
+ NFT_META_MARK),
+ monh->ctx->octx);
+ nft_mon_print(monh, "\n");
+ break;
 case NFT_TRACETYPE_RETURN:
 trace_print_hdr(nlt, monh->ctx->octx); |
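Review bot: In the new `trace_print_policy`, the u32 read from `NFTNL_TRACE_POLICY` is passed to `verdict_expr_alloc` as a verdict code with no range check, and the function does not test `nftnl_trace_is_set` itself. The value arrives in a netlink message, so anything other than the accept/drop policies would reach the verdict printer, whose handling of unknown codes is not visible in this hunk. I would print out-of-range values numerically before building the expression, e.g. `if (policy != NF_DROP && policy != NF_ACCEPT) { nft_print(octx, "policy unknown (%u)", policy); return; }` (assuming those constants are in scope in this file). The precondition also deserves a comment above the function: `/* Caller must have checked NFTNL_TRACE_POLICY with nftnl_trace_is_set(). */`.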
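Review bot: In the `NFT_TRACETYPE_POLICY` case, an event that lacks `NFTNL_TRACE_POLICY` still prints only the header and a newline, which is the same bare line the commit message shows as the broken "before" output. Someone reading the trace to audit a ruleset cannot tell a missing attribute from a formatting bug; an `else nft_mon_print(monh, "policy unknown ");` on the first `if` would make that case explicit. The separator `nft_mon_print(monh, " ")` also leaves a trailing space before the newline whenever no mark is set. The enclosing `netlink_events_trace_cb` starts and ends outside the hunk.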