diff options
| author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-04-16 18:43:17 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-04-25 17:45:33 +0200 |
| commit | f9563c0feb24d40036467ac8a3b7e9f41950df1e (patch) | |
| tree | f08d0f160ef638cca8a6734ada140cccab208a6e /include | |
| parent | 1be55ff3a9866cbee8fcde8d8f9425cb3d8af05d (diff) | |
src: add events reporting
This patch adds a basic events reporting option to nft.
The syntax is:
% nft monitor [new|destroy] [tables|chains|rules|sets|elements] [xml|json]
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/mnl.h | 3 | ||||
| -rw-r--r-- | include/netlink.h | 10 | ||||
| -rw-r--r-- | include/rule.h | 6 |
3 files changed, 19 insertions, 0 deletions
diff --git a/include/mnl.h b/include/mnl.h index f4de27db..ece7ee7f 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -67,4 +67,7 @@ int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nft_set *nls); struct nft_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock, uint32_t family); +int mnl_nft_event_listener(struct mnl_socket *nf_sock, + int (*cb)(const struct nlmsghdr *nlh, void *data), + void *cb_data); #endif /* _NFTABLES_MNL_H_ */ diff --git a/include/netlink.h b/include/netlink.h index 1fb03562..eca4a483 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -136,6 +136,7 @@ extern void netlink_dump_expr(struct nft_rule_expr *nle); extern void netlink_dump_set(struct nft_set *nls); extern int netlink_batch_send(struct list_head *err_list); +extern void netlink_abi_error(void) __noreturn; extern int netlink_io_error(struct netlink_ctx *ctx, const struct location *loc, const char *fmt, ...); extern void netlink_open_error(void) __noreturn; @@ -143,4 +144,13 @@ extern void netlink_open_error(void) __noreturn; extern struct nft_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); +struct netlink_mon_handler { + uint32_t monitor_flags; + uint32_t format; + struct netlink_ctx *ctx; + const struct location *loc; + bool cache_needed; +}; + +extern int netlink_monitor(struct netlink_mon_handler *monhandler); #endif /* NFTABLES_NETLINK_H */ diff --git a/include/rule.h b/include/rule.h index 6c373e69..da604a54 100644 --- a/include/rule.h +++ b/include/rule.h @@ -195,8 +195,11 @@ struct set { extern struct set *set_alloc(const struct location *loc); extern struct set *set_get(struct set *set); extern void set_free(struct set *set); +extern struct set *set_clone(const struct set *set); extern void set_add_hash(struct set *set, struct table *table); extern struct set *set_lookup(const struct table *table, const char *name); +extern struct set *set_lookup_global(uint32_t family, const char *table, + const char *name); extern void set_print(const struct set *set); extern void set_print_plain(const struct set *s); @@ -212,6 +215,7 @@ extern void set_print_plain(const struct set *s); * @CMD_FLUSH: flush container * @CMD_RENAME: rename object * @CMD_EXPORT: export the ruleset in a given format + * @CMD_MONITOR: event listener */ enum cmd_ops { CMD_INVALID, @@ -223,6 +227,7 @@ enum cmd_ops { CMD_FLUSH, CMD_RENAME, CMD_EXPORT, + CMD_MONITOR, }; /** @@ -278,6 +283,7 @@ struct cmd { }; const void *arg; uint32_t format; + uint32_t monitor_flags; }; extern struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj, |