src: netlink: Subscribe nft monitor and nft monitor trace to respective groups.

Subscribe nft monitor to both NFNLGRP_NFTABLES and NFNLGRP_NFTRACE.
nft monitor trace subscribes only to NFNLGRP_NFTRACE. Other event
reporting options to only NFNLGRP_NFTABLES.

Joint work with Pablo Neira.

Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 20 insertions, 16 deletions

diff --git a/src/netlink.c b/src/netlink.c
index b4386ad4..ffdadfb1 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -3080,22 +3080,26 @@ int netlink_monitor(struct netlink_mon_handler *monhandler,
 {
 	int group;
 
-	group = NFNLGRP_NFTABLES;
-	if (mnl_socket_setsockopt(nf_sock, NETLINK_ADD_MEMBERSHIP, &group,
-				  sizeof(int)) < 0)
-		return netlink_io_error(monhandler->ctx, monhandler->loc,
-					"Could not bind to netlink socket %s",
-					strerror(errno));
-
-	group = NFNLGRP_NFTRACE;
-	if (mnl_socket_setsockopt(nf_sock, NETLINK_ADD_MEMBERSHIP, &group,
-				  sizeof(int)) < 0)
-		return netlink_io_error(monhandler->ctx, monhandler->loc,
-					"Could not bind to netlink socket %s",
-					strerror(errno));
-
-	return mnl_nft_event_listener(nf_sock, netlink_events_cb,
-				      monhandler);
+	if (monhandler->monitor_flags & (1 << NFT_MSG_TRACE)) {
+		group = NFNLGRP_NFTRACE;
+		if (mnl_socket_setsockopt(nf_sock, NETLINK_ADD_MEMBERSHIP,
+					  &group, sizeof(int)) < 0)
+			return netlink_io_error(monhandler->ctx,
+						monhandler->loc,
+						"Could not bind to netlink socket %s",
+						strerror(errno));
+	}
+	if (monhandler->monitor_flags & ~(1 << NFT_MSG_TRACE)) {
+		group = NFNLGRP_NFTABLES;
+		if (mnl_socket_setsockopt(nf_sock, NETLINK_ADD_MEMBERSHIP,
+					  &group, sizeof(int)) < 0)
+			return netlink_io_error(monhandler->ctx,
+						monhandler->loc,
+						"Could not bind to netlink socket %s",
+						strerror(errno));
+	}
+
+	return mnl_nft_event_listener(nf_sock, netlink_events_cb, monhandler);
 }
 
 bool netlink_batch_supported(struct mnl_socket *nf_sock)