summaryrefslogtreecommitdiffstats
path: root/iptables/xtables-monitor.c
Commit message (Collapse)AuthorAgeFilesLines
* nft: family_ops: Pass nft_handle to 'rule_to_cs' callbackPhil Sutter2019-11-251-2/+15
| | | | | | | | | | | This is the actual callback used to parse nftables rules. Pass nft_handle to it so it can access the cache (and possible sets therein). Having to pass nft_handle to nft_rule_print_save() allows to simplify it a bit since no family ops lookup has to be done anymore. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: replace IPTABLES_VERSION by PACKAGE_VERSIONJan Engelhardt2019-05-301-2/+3
| | | | | | | | | | | | | The IPTABLES_VERSION C macro replicates the PACKAGE_VERSION C macro (both have the same definition, "@PACKAGE_VERSION@"). Since IPTABLES_VERSION, being located in internal.h, is not exposed to downstream users in any way, it can just be replaced by PACKAGE_VERSION, which saves a configure-time file substitution. This goes towards eliminating unnecessary rebuilds after rerunning ./configure. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables-monitor: fix build with musl libcBaruch Siach2018-11-171-0/+1
| | | | | | | | | | | | | | | | | | | | | Commit 7c8791edac3 ("xtables-monitor: fix build with older glibc") changed the code to use GNU style tcphdr fields. Unfortunately, musl libc requires _GNU_SOURCE definition to expose these fields. Fix the following build failure: xtables-monitor.c: In function ‘trace_print_packet’: xtables-monitor.c:406:43: error: ‘const struct tcphdr’ has no member named ‘source’ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest)); ^~ xtables-monitor.c:406:64: error: ‘const struct tcphdr’ has no member named ‘dest’ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest)); ^~ ... Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables-monitor: fix build with older glibcBaruch Siach2018-11-161-16/+14
| | | | | | | | | | | | | | | | | | | | | glibc older than 2.19 only expose BSD style fields of struct tcphdr when _BSD_SOURCE is define. Current glibc however, warn that _BSD_SOURCE is deprecated. Migrate to the GNU style of tcphdr fields to make the code compatible with any glibc version. Fix the following build failure: xtables-monitor.c: In function 'trace_print_packet': xtables-monitor.c:406:43: error: 'const struct tcphdr' has no member named 'th_sport' printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); ^ xtables-monitor.c:406:66: error: 'const struct tcphdr' has no member named 'th_dport' printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); ^ ... Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables: Improve xtables-monitor first impressionPhil Sutter2018-08-091-1/+2
| | | | | | | | | | | | | First time users are likely to call 'xtables-monitor --help' to see what's going on. Make this situation a bit more pleasant for them: * When complaining about illegal arguments, add a final newline character to the error message. * Actually support '--help' long option as an alias to '-h'. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables: Spelling fixes in xtables-monitorPhil Sutter2018-08-071-3/+3
| | | | | | | | | Fix a few minor spelling issues in xtables-monitor help output and man page. While being at it, change 'ipv4' and 'ipv6' to 'IPv4' and 'IPv6', respectively. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables: Use new callbacks in nft_rule_print_save()Phil Sutter2018-07-191-5/+1
| | | | | | | | This relieves callers from having to prepare iptables_command_state, which often happens just for the sake of passing it to this function. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables: merge {ip,arp}tables_command_state structsPhil Sutter2018-07-191-6/+2
| | | | | | | | | | Differences between both structs are marginal (apart from arptables_command_state being much smaller), so merge them into one. Struct iptables_command_state is already shared between iptables, ip6tables and ebtables. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables: replace memset by c99-style initializersPhil Sutter2018-07-191-2/+1
| | | | | | | | This cleans up a few obvious cases identified by grepping the source code for 'memset'. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables-monitor: add --version optionFlorian Westphal2018-07-041-2/+6
| | | | | | ... for consistency with other commands. Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables: add xtables-monitorFlorian Westphal2018-06-251-0/+684
This is a partial revert of commit 7462e4aa757dc28e74b4a731b3ee13079b04ef23 ("iptables-compat: Keep xtables-config and xtables-events out from tree") and re-adds xtables-events under a new name, with a few enhancements, this is --trace mode, which replaces printk-based tracing, and an imroved event mode which will now also display pid/name and new generation id at the end of a batch. Example output of xtables-monitor --event --trace PACKET: 10 fa6b77e1 IN=wlan0 MACSRC=51:14:31:51:XX:XX MACDST=1c:b6:b0:ac:XX:XX MACPROTO=86dd SRC=2a00:3a0:2::1 DST=2b00:bf0:c001::1 LEN=1440 TC=18 HOPLIMIT=61 FLOWLBL=1921 SPORT=22 DPORT=13024 ACK PSH TRACE: 10 fa6b77e1 raw:PREROUTING:return: TRACE: 10 fa6b77e1 raw:PREROUTING:policy:DROP EVENT: -6 -t mangle -A PREROUTING -j DNPT --src-pfx dead::/64 --dst-pfx 1c3::/64 NEWGEN: GENID=6581 PID=15601 NAME=xtables-multi Signed-off-by: Florian Westphal <fw@strlen.de>