From b99c4d072d9969f7a0dfc539b2b68b517f90af68 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 9 Aug 2017 13:16:42 +0200
Subject: Implement --echo option

When used with add, insert or replace commands, nft tool will print event notifications just like 'nft monitor' does for the same commands.

Apart from seeing what a given command will turn out in the rule set, this allows to reliably retrieve a new rule's assigned handle (if used together with --handle option).

Here are some examples of how it works:

| # nft --echo --handle add table ip t
| add table ip t
|
| # nft --echo --handle add chain ip t c \
| '{ type filter hook forward priority 0; }'
| add chain ip t c { type filter hook forward priority 0; policy accept; }
|
| # nft --echo --handle add rule ip t c tcp dport '{22, 80}' accept
| add rule ip t c tcp dport { ssh, http } accept # handle 2
|
| # nft --echo --handle add set ip t ipset '{ type ipv4_addr; \
| elements = { 192.168.0.1, 192.168.0.2 }; }'
| add set ip t ipset { type ipv4_addr; }
| add element ip t ipset { 192.168.0.1 }
| add element ip t ipset { 192.168.0.2 }

Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 src/netlink.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'src/netlink.c')

diff --git a/src/netlink.c b/src/netlink.c
index 26032f95..b172d2cc 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -464,11 +464,11 @@ int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct handle *h,
 const struct location *loc)
 {
 struct nftnl_rule *nlr;
- int err;
+ int err, flags = ctx->octx->echo ? NLM_F_ECHO : 0;
 
 nlr = alloc_nftnl_rule(&rule->handle);
 netlink_linearize_rule(ctx, nlr, rule);
- err = mnl_nft_rule_batch_replace(nlr, ctx->batch, 0, ctx->seqnum);
+ err = mnl_nft_rule_batch_replace(nlr, ctx->batch, flags, ctx->seqnum);
 nftnl_rule_free(nlr);
 
 if (err < 0)
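Review bot: The new declaration `int err, flags = ctx->octx->echo ? NLM_F_ECHO : 0;` puts an uninitialized `err` and an initialized `flags` on one declarator line, which is easy to misread; splitting it into `int err;` and `int flags = ctx->octx->echo ? NLM_F_ECHO : 0;` keeps the echo decision visible on its own line. Passing NLM_F_ECHO asks the kernel to send the resulting notification back on the same socket, so whatever drains the batch replies must parse those messages instead of treating them as unexpected input; that receive path is outside this file and cannot be confirmed from the hunk. The signature of netlink_replace_rule_batch begins before the hunk and its error handling continues after it.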
@@ -3069,6 +3069,22 @@ static int netlink_events_cb(const struct nlmsghdr *nlh, void *data)
 return ret;
 }
 
+int netlink_echo_callback(const struct nlmsghdr *nlh, void *data)
+{
+ struct netlink_mon_handler echo_monh = {
+ .format = NFTNL_OUTPUT_DEFAULT,
+ .ctx = data,
+ .loc = &netlink_location,
+ .monitor_flags = 0xffffffff,
+ .cache_needed = true,
+ };
+
+ if (!echo_monh.ctx->octx->echo)
+ return MNL_CB_OK;
+
+ return netlink_events_cb(nlh, &echo_monh);
+}
+
 int netlink_monitor(struct netlink_mon_handler *monhandler,
 struct mnl_socket *nf_sock)
 {
-- 
cgit v1.2.3
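Review bot: `netlink_echo_callback` dereferences `data` through `echo_monh.ctx->octx->echo` before anything establishes that `data` is non-NULL, so a caller that registers this callback without a context crashes instead of falling through to `MNL_CB_OK`; if every caller is required to pass the batch's context, a one-line contract comment above the function such as `/* data must be the struct netlink_ctx of the batch being sent; never NULL */` makes that explicit. The initializer `.monitor_flags = 0xffffffff` is a magic all-bits mask, and a comment like `/* echo every event type the kernel reports for this batch */` (or an existing named constant, if the project has one) would say why every bit is set. The function is non-static but no prototype appears in this diff, so it is presumably declared in a header elsewhere in the commit; confirm so the build does not rely on an implicit declaration.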