Diffstat (limited to 'src/monitor.c')
-rw-r--r--src/monitor.c165
1 files changed, 119 insertions, 46 deletions
diff --git a/src/monitor.c b/src/monitor.c
index bb269c02..2fc16d67 100644
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -2,17 +2,17 @@
* Copyright (c) 2015 Arturo Borrero Gonzalez <arturo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
+ * it under the terms of the GNU General Public License version 2 (or any
+ * later) as published by the Free Software Foundation.
*/
-#include <string.h>
+#include <nft.h>
+
#include <fcntl.h>
#include <errno.h>
#include <libmnl/libmnl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <stdlib.h>
#include <inttypes.h>
#include <libnftnl/table.h>
@@ -40,6 +40,13 @@
#include <iface.h>
#include <json.h>
+enum {
+ NFT_OF_EVENT_ADD,
+ NFT_OF_EVENT_INSERT,
+ NFT_OF_EVENT_DEL,
+ NFT_OF_EVENT_CREATE,
+};
+
#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__)
struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh)
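Review bot: The new NFT_OF_EVENT_* enum has no comment saying what the four values mean, and the difference between ADD and CREATE (NLM_F_EXCL) or ADD and INSERT (NLM_F_APPEND) is only discoverable by reading netlink_msg2nftnl_of() further down. A one-line comment above it, `/* nft command keyword an event is reported as; derived from the message type and nlmsg_flags in netlink_msg2nftnl_of() */`, would save the reader that lookup. Giving the enum a tag (e.g. `enum nft_of_event`) would also let netlink_msg2nftnl_of() return it and nftnl_of2cmd() take it instead of a bare uint32_t, so the compiler can flag a missing case.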
@@ -120,17 +127,24 @@ struct nftnl_obj *netlink_obj_alloc(const struct nlmsghdr *nlh)
return nlo;
}
-static uint32_t netlink_msg2nftnl_of(uint32_t msg)
+static uint32_t netlink_msg2nftnl_of(uint32_t type, uint16_t flags)
{
- switch (msg) {
+ switch (type) {
+ case NFT_MSG_NEWRULE:
+ if (flags & NLM_F_APPEND)
+ return NFT_OF_EVENT_ADD;
+ else
+ return NFT_OF_EVENT_INSERT;
case NFT_MSG_NEWTABLE:
case NFT_MSG_NEWCHAIN:
case NFT_MSG_NEWSET:
case NFT_MSG_NEWSETELEM:
- case NFT_MSG_NEWRULE:
case NFT_MSG_NEWOBJ:
case NFT_MSG_NEWFLOWTABLE:
- return NFTNL_OF_EVENT_NEW;
+ if (flags & NLM_F_EXCL)
+ return NFT_OF_EVENT_CREATE;
+ else
+ return NFT_OF_EVENT_ADD;
case NFT_MSG_DELTABLE:
case NFT_MSG_DELCHAIN:
case NFT_MSG_DELSET:
@@ -147,18 +161,22 @@ static uint32_t netlink_msg2nftnl_of(uint32_t msg)
static const char *nftnl_of2cmd(uint32_t of)
{
switch (of) {
- case NFTNL_OF_EVENT_NEW:
+ case NFT_OF_EVENT_ADD:
return "add";
- case NFTNL_OF_EVENT_DEL:
+ case NFT_OF_EVENT_CREATE:
+ return "create";
+ case NFT_OF_EVENT_INSERT:
+ return "insert";
+ case NFT_OF_EVENT_DEL:
return "delete";
default:
return "???";
}
}
-static const char *netlink_msg2cmd(uint32_t msg)
+static const char *netlink_msg2cmd(uint32_t type, uint16_t flags)
{
- return nftnl_of2cmd(netlink_msg2nftnl_of(msg));
+ return nftnl_of2cmd(netlink_msg2nftnl_of(type, flags));
}
static void nlr_for_each_set(struct nftnl_rule *nlr,
@@ -206,7 +224,7 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type,
nlt = netlink_table_alloc(nlh);
t = netlink_delinearize_table(monh->ctx, nlt);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
@@ -214,15 +232,21 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type,
nft_mon_print(monh, "%s %s", family2str(t->handle.family),
t->handle.table.name);
+
+ if (t->flags & TABLE_F_DORMANT)
+ nft_mon_print(monh, " { flags dormant; }");
+
if (nft_output_handle(&monh->ctx->nft->output))
nft_mon_print(monh, " # handle %" PRIu64 "",
t->handle.handle.id);
+ nft_mon_print(monh, "\n");
break;
case NFTNL_OUTPUT_JSON:
monitor_print_table_json(monh, cmd, t);
+ if (!nft_output_echo(&monh->ctx->nft->output))
+ nft_mon_print(monh, "\n");
break;
}
- nft_mon_print(monh, "\n");
table_free(t);
nftnl_table_free(nlt);
return MNL_CB_OK;
@@ -237,7 +261,7 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type,
nlc = netlink_chain_alloc(nlh);
c = netlink_delinearize_chain(monh->ctx, nlc);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
@@ -248,18 +272,23 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type,
chain_print_plain(c, &monh->ctx->nft->output);
break;
case NFT_MSG_DELCHAIN:
- nft_mon_print(monh, "chain %s %s %s",
- family2str(c->handle.family),
- c->handle.table.name,
- c->handle.chain.name);
+ if (c->dev_array_len > 0)
+ chain_print_plain(c, &monh->ctx->nft->output);
+ else
+ nft_mon_print(monh, "chain %s %s %s",
+ family2str(c->handle.family),
+ c->handle.table.name,
+ c->handle.chain.name);
break;
}
+ nft_mon_print(monh, "\n");
break;
case NFTNL_OUTPUT_JSON:
monitor_print_chain_json(monh, cmd, c);
+ if (!nft_output_echo(&monh->ctx->nft->output))
+ nft_mon_print(monh, "\n");
break;
}
- nft_mon_print(monh, "\n");
chain_free(c);
nftnl_chain_free(nlc);
return MNL_CB_OK;
@@ -284,7 +313,7 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type,
return MNL_CB_ERROR;
}
family = family2str(set->handle.family);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
@@ -300,12 +329,14 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type,
set->handle.set.name);
break;
}
+ nft_mon_print(monh, "\n");
break;
case NFTNL_OUTPUT_JSON:
monitor_print_set_json(monh, cmd, set);
+ if (!nft_output_echo(&monh->ctx->nft->output))
+ nft_mon_print(monh, "\n");
break;
}
- nft_mon_print(monh, "\n");
set_free(set);
out:
nftnl_set_free(nls);
@@ -359,13 +390,19 @@ static bool netlink_event_range_cache(struct set *cached_set,
/* don't cache half-open range elements */
elem = list_entry(dummyset->init->expressions.prev, struct expr, list);
- if (!set_elem_is_open_interval(elem)) {
+ if (!set_elem_is_open_interval(elem) &&
+ dummyset->desc.field_count <= 1) {
cached_set->rg_cache = expr_clone(elem);
return true;
}
out_decompose:
- interval_map_decompose(dummyset->init);
+ if (dummyset->flags & NFT_SET_INTERVAL &&
+ dummyset->desc.field_count > 1)
+ concat_range_aggregate(dummyset->init);
+ else
+ interval_map_decompose(dummyset->init);
+
return false;
}
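Review bot: The new condition `if (dummyset->flags & NFT_SET_INTERVAL && dummyset->desc.field_count > 1)` mixes `&` and `&&` without parentheses; it is correct by precedence but easy to misread, and the same classification is expressed elsewhere in this commit through helpers (`set_is_interval(s->flags)` and `set_is_non_concat_range(s)` in rule_map_decompose_cb). Writing it as `if (set_is_interval(dummyset->flags) && dummyset->desc.field_count > 1)`, or as `if (!set_is_non_concat_range(dummyset))` if that helper performs the same test, keeps the two decomposition sites in agreement. I cannot see set_is_non_concat_range()'s definition, so confirm it matches before substituting it. netlink_event_range_cache starts before this hunk.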
@@ -384,7 +421,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
table = nftnl_set_get_str(nls, NFTNL_SET_TABLE);
setname = nftnl_set_get_str(nls, NFTNL_SET_NAME);
family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache);
if (set == NULL) {
@@ -400,11 +437,13 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
* used by named sets, so use a dummy set.
*/
dummyset = set_alloc(monh->loc);
+ handle_merge(&dummyset->handle, &set->handle);
dummyset->key = expr_clone(set->key);
if (set->data)
dummyset->data = expr_clone(set->data);
dummyset->flags = set->flags;
dummyset->init = set_expr_alloc(monh->loc, set);
+ dummyset->desc.field_count = set->desc.field_count;
nlsei = nftnl_set_elems_iter_create(nls);
if (nlsei == NULL)
@@ -437,6 +476,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
nft_mon_print(monh, "%s element %s %s %s ",
cmd, family2str(family), table, setname);
expr_print(dummyset->init, &monh->ctx->nft->output);
+ nft_mon_print(monh, "\n");
break;
case NFTNL_OUTPUT_JSON:
dummyset->handle.family = family;
@@ -446,9 +486,10 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
/* prevent set_free() from trying to free those */
dummyset->handle.set.name = NULL;
dummyset->handle.table.name = NULL;
+ if (!nft_output_echo(&monh->ctx->nft->output))
+ nft_mon_print(monh, "\n");
break;
}
- nft_mon_print(monh, "\n");
set_free(dummyset);
out:
nftnl_set_free(nls);
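Review bot: Nulling `dummyset->handle.set.name` and `dummyset->handle.table.name` before set_free() now discards whatever `handle_merge(&dummyset->handle, &set->handle)`, added earlier in this function, stored in those fields. If handle_merge() duplicates the name strings (its definition is not in this diff) and the context lines just above this hunk still assign setname/table into the handle as the existing comment implies, the JSON path leaks two allocations per element event, while the default-output path frees them through set_free(). Since the handle is now populated from the cached set, the JSON branch could drop the manual name assignment together with the two `= NULL` lines and let set_free() release the handle on both paths; confirm against handle_merge() and the code between the hunks.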
@@ -465,12 +506,12 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
nlo = netlink_obj_alloc(nlh);
obj = netlink_delinearize_obj(monh->ctx, nlo);
- if (obj == NULL) {
+ if (!obj) {
nftnl_obj_free(nlo);
return MNL_CB_ERROR;
}
family = family2str(obj->handle.family);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
@@ -488,12 +529,14 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
obj->handle.obj.name);
break;
}
+ nft_mon_print(monh, "\n");
break;
case NFTNL_OUTPUT_JSON:
monitor_print_obj_json(monh, cmd, obj);
+ if (!nft_output_echo(&monh->ctx->nft->output))
+ nft_mon_print(monh, "\n");
break;
}
- nft_mon_print(monh, "\n");
obj_free(obj);
nftnl_obj_free(nlo);
return MNL_CB_OK;
@@ -501,8 +544,13 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
static void rule_map_decompose_cb(struct set *s, void *data)
{
- if (set_is_interval(s->flags) && set_is_anonymous(s->flags))
+ if (!set_is_anonymous(s->flags))
+ return;
+
+ if (set_is_non_concat_range(s))
interval_map_decompose(s->init);
+ else if (set_is_interval(s->flags))
+ concat_range_aggregate(s->init);
}
static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
@@ -514,9 +562,13 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
nlr = netlink_rule_alloc(nlh);
r = netlink_delinearize_rule(monh->ctx, nlr);
+ if (!r) {
+ fprintf(stderr, "W: Received event for an unknown table.\n");
+ goto out_free_nlr;
+ }
nlr_for_each_set(nlr, rule_map_decompose_cb, NULL,
&monh->ctx->nft->cache);
- cmd = netlink_msg2cmd(type);
+ cmd = netlink_msg2cmd(type, nlh->nlmsg_flags);
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
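Review bot: The new NULL check on netlink_delinearize_rule() warns and returns MNL_CB_OK via out_free_nlr, whereas the sibling callbacks in this file (netlink_events_obj_cb at its `if (!obj)` branch, and netlink_events_set_cb) return MNL_CB_ERROR for the same failure. Continuing is the friendlier choice for a long-running monitor, but the two behaviours should be deliberate rather than accidental; either align obj/set to "warn and skip" or have this callback return MNL_CB_ERROR as well. The warning text also asserts a cause ("unknown table") that a NULL return does not by itself establish; unless netlink_delinearize_rule() only fails for that reason, `"W: Could not decode rule event, skipping.\n"` is more accurate. netlink_events_rule_cb continues past this hunk.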
@@ -527,7 +579,10 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
family,
r->handle.table.name,
r->handle.chain.name);
-
+ if (r->handle.position.id) {
+ nft_mon_print(monh, "handle %" PRIu64" ",
+ r->handle.position.id);
+ }
switch (type) {
case NFT_MSG_NEWRULE:
rule_print(r, &monh->ctx->nft->output);
@@ -538,13 +593,16 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
r->handle.handle.id);
break;
}
+ nft_mon_print(monh, "\n");
break;
case NFTNL_OUTPUT_JSON:
monitor_print_rule_json(monh, cmd, r);
+ if (!nft_output_echo(&monh->ctx->nft->output))
+ nft_mon_print(monh, "\n");
break;
}
- nft_mon_print(monh, "\n");
rule_free(r);
+out_free_nlr:
nftnl_rule_free(nlr);
return MNL_CB_OK;
}
@@ -559,7 +617,7 @@ static void netlink_events_cache_addtable(struct netlink_mon_handler *monh,
t = netlink_delinearize_table(monh->ctx, nlt);
nftnl_table_free(nlt);
- table_add_hash(t, &monh->ctx->nft->cache);
+ table_cache_add(t, &monh->ctx->nft->cache);
}
static void netlink_events_cache_deltable(struct netlink_mon_handler *monh,
@@ -573,11 +631,12 @@ static void netlink_events_cache_deltable(struct netlink_mon_handler *monh,
h.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY);
h.table.name = nftnl_table_get_str(nlt, NFTNL_TABLE_NAME);
- t = table_lookup(&h, &monh->ctx->nft->cache);
+ t = table_cache_find(&monh->ctx->nft->cache.table_cache,
+ h.table.name, h.family);
if (t == NULL)
goto out;
- list_del(&t->list);
+ table_cache_del(t);
table_free(t);
out:
nftnl_table_free(nlt);
@@ -595,6 +654,7 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh,
memset(&set_tmpctx, 0, sizeof(set_tmpctx));
init_list_head(&set_tmpctx.list);
init_list_head(&msgs);
+ set_tmpctx.nft = monh->ctx->nft;
set_tmpctx.msgs = &msgs;
nls = netlink_set_alloc(nlh);
@@ -603,7 +663,8 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh,
goto out;
s->init = set_expr_alloc(monh->loc, s);
- t = table_lookup(&s->handle, &monh->ctx->nft->cache);
+ t = table_cache_find(&monh->ctx->nft->cache.table_cache,
+ s->handle.table.name, s->handle.family);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache set: table not found.\n");
set_free(s);
@@ -616,7 +677,7 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh,
goto out;
}
- set_add_hash(s, t);
+ set_cache_add(s, t);
out:
nftnl_set_free(nls);
}
@@ -671,7 +732,7 @@ out:
static void netlink_events_cache_delset_cb(struct set *s,
void *data)
{
- list_del(&s->list);
+ set_cache_del(s);
set_free(s);
}
@@ -704,14 +765,15 @@ static void netlink_events_cache_addobj(struct netlink_mon_handler *monh,
if (obj == NULL)
goto out;
- t = table_lookup(&obj->handle, &monh->ctx->nft->cache);
+ t = table_cache_find(&monh->ctx->nft->cache.table_cache,
+ obj->handle.table.name, obj->handle.family);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache object: table not found.\n");
obj_free(obj);
goto out;
}
- obj_add_hash(obj, t);
+ obj_cache_add(obj, t);
out:
nftnl_obj_free(nlo);
}
@@ -734,19 +796,20 @@ static void netlink_events_cache_delobj(struct netlink_mon_handler *monh,
type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE);
h.handle.id = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE);
- t = table_lookup(&h, &monh->ctx->nft->cache);
+ t = table_cache_find(&monh->ctx->nft->cache.table_cache,
+ h.table.name, h.family);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache object: table not found.\n");
goto out;
}
- obj = obj_lookup(t, name, type);
+ obj = obj_cache_find(t, name, type);
if (obj == NULL) {
fprintf(stderr, "W: Unable to find object in cache\n");
goto out;
}
- list_del(&obj->list);
+ obj_cache_del(obj);
obj_free(obj);
out:
nftnl_obj_free(nlo);
@@ -826,6 +889,9 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type,
char name[256] = "";
int genid = -1, pid = -1;
+ if (monh->format != NFTNL_OUTPUT_DEFAULT)
+ return MNL_CB_OK;
+
mnl_attr_for_each(attr, nlh, sizeof(struct nfgenmsg)) {
switch (mnl_attr_get_type(attr)) {
case NFTA_GEN_ID:
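Review bot: The early return for non-default output formats carries no comment explaining why generation notices are dropped, so a reader may take it for a missed feature rather than a choice. If the reason is that the "# new generation" line is free-form text with no JSON form, which is my reading of the change, a comment above the check such as `/* generation notices are plain text only; there is no JSON representation, so skip them */` would record that. netlink_events_newgen_cb continues past this hunk.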
@@ -908,6 +974,8 @@ int netlink_echo_callback(const struct nlmsghdr *nlh, void *data)
{
struct netlink_cb_data *nl_cb_data = data;
struct netlink_ctx *ctx = nl_cb_data->nl_ctx;
+ struct nft_ctx *nft = ctx->nft;
+
struct netlink_mon_handler echo_monh = {
.format = NFTNL_OUTPUT_DEFAULT,
.ctx = ctx,
@@ -918,8 +986,13 @@ int netlink_echo_callback(const struct nlmsghdr *nlh, void *data)
if (!nft_output_echo(&echo_monh.ctx->nft->output))
return MNL_CB_OK;
- if (nft_output_json(&ctx->nft->output))
- return json_events_cb(nlh, &echo_monh);
+ if (nft_output_json(&nft->output)) {
+ if (nft->json_root)
+ return json_events_cb(nlh, &echo_monh);
+ if (!nft->json_echo)
+ json_alloc_echo(nft);
+ echo_monh.format = NFTNL_OUTPUT_JSON;
+ }
return netlink_events_cb(nlh, &echo_monh);
}
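Review bot: `json_alloc_echo(nft)` is called without checking its outcome; if it can fail (its signature is not in this diff) the handler goes on to print JSON with `nft->json_echo` still NULL. If it aborts on allocation failure internally, a short comment saying so would spare the next reader the same question. Stylistically, the new `nft` local is introduced but the guard two lines earlier still spells out `echo_monh.ctx->nft->output`; `if (!nft_output_echo(&nft->output))` keeps the function consistent with the lines it just added.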