diff options
| author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-04-16 18:43:17 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-04-25 17:45:33 +0200 |
| commit | f9563c0feb24d40036467ac8a3b7e9f41950df1e (patch) | |
| tree | f08d0f160ef638cca8a6734ada140cccab208a6e /src/parser.y | |
| parent | 1be55ff3a9866cbee8fcde8d8f9425cb3d8af05d (diff) | |
src: add events reporting
This patch adds a basic events reporting option to nft.
The syntax is:
% nft monitor [new|destroy] [tables|chains|rules|sets|elements] [xml|json]
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser.y')
| -rw-r--r-- | src/parser.y | 90 |
1 files changed, 87 insertions, 3 deletions
diff --git a/src/parser.y b/src/parser.y index 010cf9c3..9c20737b 100644 --- a/src/parser.y +++ b/src/parser.y @@ -163,12 +163,16 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token TABLE "table" %token TABLES "tables" %token CHAIN "chain" +%token CHAINS "chains" %token RULE "rule" +%token RULES "rules" %token SETS "sets" %token SET "set" %token ELEMENT "element" %token MAP "map" %token HANDLE "handle" +%token NEW "new" +%token DESTROY "destroy" %token INET "inet" @@ -181,6 +185,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token RENAME "rename" %token DESCRIBE "describe" %token EXPORT "export" +%token MONITOR "monitor" %token ACCEPT "accept" %token DROP "drop" @@ -364,8 +369,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type <cmd> line %destructor { cmd_free($$); } line -%type <cmd> base_cmd add_cmd create_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd export_cmd -%destructor { cmd_free($$); } base_cmd add_cmd create_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd export_cmd +%type <cmd> base_cmd add_cmd create_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd export_cmd monitor_cmd +%destructor { cmd_free($$); } base_cmd add_cmd create_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd export_cmd monitor_cmd %type <handle> table_spec tables_spec chain_spec chain_identifier ruleid_spec %destructor { handle_free(&$$); } table_spec tables_spec chain_spec chain_identifier ruleid_spec @@ -493,7 +498,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %destructor { expr_free($$); } ct_expr %type <val> ct_key -%type <val> export_format +%type <val> export_format output_format monitor_flags %% @@ -593,6 +598,7 @@ base_cmd : /* empty */ add_cmd { $$ = $1; } | FLUSH flush_cmd { $$ = $2; } | RENAME rename_cmd { $$ = $2; } | EXPORT export_cmd { $$ = $2; } + | MONITOR monitor_cmd { $$ = $2; } | DESCRIBE primary_expr { expr_describe($2); @@ -760,6 +766,84 @@ export_cmd : export_format } ; +monitor_cmd : monitor_flags output_format + { + struct handle h = { .family = NFPROTO_UNSPEC }; + $$ = cmd_alloc(CMD_MONITOR, CMD_OBJ_RULESET, &h, &@$, NULL); + $$->monitor_flags = $1; + $$->format = $2; + } + ; + +monitor_flags : /* empty */ + { + $$ |= (1 << NFT_MSG_NEWRULE); + $$ |= (1 << NFT_MSG_DELRULE); + $$ |= (1 << NFT_MSG_NEWSET); + $$ |= (1 << NFT_MSG_DELSET); + $$ |= (1 << NFT_MSG_NEWSETELEM); + $$ |= (1 << NFT_MSG_DELSETELEM); + $$ |= (1 << NFT_MSG_NEWCHAIN); + $$ |= (1 << NFT_MSG_DELCHAIN); + $$ |= (1 << NFT_MSG_NEWTABLE); + $$ |= (1 << NFT_MSG_DELTABLE); + } + | NEW + { + $$ |= (1 << NFT_MSG_NEWRULE); + $$ |= (1 << NFT_MSG_NEWSET); + $$ |= (1 << NFT_MSG_NEWSETELEM); + $$ |= (1 << NFT_MSG_NEWCHAIN); + $$ |= (1 << NFT_MSG_NEWTABLE); + } + | DESTROY + { + $$ |= (1 << NFT_MSG_DELRULE); + $$ |= (1 << NFT_MSG_DELSET); + $$ |= (1 << NFT_MSG_DELSETELEM); + $$ |= (1 << NFT_MSG_DELCHAIN); + $$ |= (1 << NFT_MSG_DELTABLE); + } + | TABLES + { + $$ |= (1 << NFT_MSG_NEWTABLE); $$ |= (1 << NFT_MSG_DELTABLE); + } + | NEW TABLES { $$ |= (1 << NFT_MSG_NEWTABLE); } + | DESTROY TABLES { $$ |= (1 << NFT_MSG_DELTABLE); } + | CHAIN + { + $$ |= (1 << NFT_MSG_NEWCHAIN); $$ |= (1 << NFT_MSG_DELCHAIN); + } + | NEW CHAINS { $$ |= (1 << NFT_MSG_NEWCHAIN); } + | DESTROY CHAINS { $$ |= (1 << NFT_MSG_DELCHAIN); } + | SETS + { + $$ |= (1 << NFT_MSG_NEWSET); $$ |= (1 << NFT_MSG_DELSET); + } + | NEW SETS { $$ |= (1 << NFT_MSG_NEWSET); } + | DESTROY SETS { $$ |= (1 << NFT_MSG_DELSET); } + | RULE + { + $$ |= (1 << NFT_MSG_NEWRULE); $$ |= (1 << NFT_MSG_DELRULE); + } + | NEW RULES { $$ |= (1 << NFT_MSG_NEWRULE); } + | DESTROY RULES { $$ |= (1 << NFT_MSG_DELRULE); } + | ELEMENTS + { + $$ |= (1 << NFT_MSG_NEWSETELEM); + $$ |= (1 << NFT_MSG_DELSETELEM); + } + | NEW ELEMENTS { $$ |= (1 << NFT_MSG_NEWSETELEM); } + | DESTROY ELEMENTS { $$ |= (1 << NFT_MSG_DELSETELEM); } + ; + +output_format : /* empty */ + { + $$ = NFT_OUTPUT_DEFAULT; + } + | export_format + ; + table_block_alloc : /* empty */ { $$ = table_alloc(); |