summaryrefslogtreecommitdiffstats
path: root/src/monitor.c
Commit message (Collapse)AuthorAgeFilesLines
* src: use set_is_anonymous()Pablo Neira Ayuso2019-07-161-2/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* monitor: fix double cache update with --echoPablo Neira Ayuso2019-07-011-1/+0
| | | | | | | | | The evaluation step already updates the cache for each command in this batch. There is no need to update the cache again from the echo path, otherwise the cache is populated twice with the same object. Fixes: b99c4d072d99 ("Implement --echo option") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use UDATA defines from libnftnlPhil Sutter2019-05-031-1/+1
| | | | | | | | | | | | | Userdata attribute names have been added to libnftnl, use them instead of the local copy. While being at it, rename udata_get_comment() in netlink_delinearize.c and the callback it uses since the function is specific to rules. Also integrate the existence check for NFTNL_RULE_USERDATA into it along with the call to nftnl_rule_get_data(). Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: expr: add expression etypeFlorian Westphal2019-02-081-1/+1
| | | | | | | | Temporary kludge to remove all the expr->ops->type == ... patterns. Followup patch will remove expr->ops, and make expr_ops() lookup the correct expr_ops struct instead to reduce struct expr size. Signed-off-by: Florian Westphal <fw@strlen.de>
* src: get rid of nft_ctx_output_{get,set}_numeric()Pablo Neira Ayuso2018-10-301-5/+3
| | | | | | | | | | | | | | | | | | | | | | | This patch adds NFT_CTX_OUTPUT_NUMERIC_SYMBOL, which replaces the last client of the numeric level approach. This patch updates `-n' option semantics to display all output numerically. Note that monitor code was still using the -n option to skip printing the process name, this patch updates that path too to print it inconditionally to simplify things. Given the numeric levels have no more clients after this patch, remove that code. Update several tests/shell not to use -nn. This patch adds NFT_CTX_OUTPUT_NUMERIC_ALL which enables all flags to provide a fully numerical output. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_ctx_output_{get,set}_echo() to nft_ctx_output_{get,set}_flagsPablo Neira Ayuso2018-10-291-1/+1
| | | | | | | | Add NFT_CTX_OUTPUT_ECHO flag and echo the command that has been send to the kernel. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_ctx_output_{get,set}_json() to nft_ctx_output_{get,set}_flagsPablo Neira Ayuso2018-10-291-1/+1
| | | | | | | Add NFT_CTX_OUTPUT_JSON flag and display output in json format. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_ctx_output_{get,set}_handle() to nft_ctx_output_{get,set}_flagsPablo Neira Ayuso2018-10-291-1/+1
| | | | | | | | Add NFT_CTX_OUTPUT_HANDLE flag and print handle that uniquely identify objects from new output flags interface. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Add support for echo optionPhil Sutter2018-10-291-5/+8
| | | | | | | | | | | | | | | | The basic principle is to not return a JSON object freshly created from netlink responses, but just update the existing user-provided one to make sure callers get back exactly what they expect. To achieve that, keep the parsed JSON object around in a global variable ('cur_root') and provide a custom callback to insert handles into it from received netlink messages. The tricky bit here is updating rules since unique identification is problematic. Therefore drop possibly present handles from input and later assume updates are received in order so the first rule not having a handle set is the right one. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: pass struct nft_ctx through struct netlink_ctxPablo Neira Ayuso2018-10-221-26/+26
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* monitor: Use libnftables JSON outputPhil Sutter2018-10-151-138/+143
| | | | | | | | This switches 'nft monitor' JSON output from using libnftnl's to libnftables' implementation. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* monitor: Drop 'update table' and 'update chain' casesPhil Sutter2018-10-151-8/+2
| | | | | | | | | There seems to be no situation where this comes to play. Also, since there is no 'nft update table/chain' command, this is inconsistent with input. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* monitor: Drop fake XML supportPhil Sutter2018-10-151-6/+0
| | | | | | | | Since libnftnl doesn't support XML formatting, pretending to do so in nft monitor is pointless. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add table_specPablo Neira Ayuso2018-05-061-2/+2
| | | | | | Store location object in handle to improve error reporting. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: centralize netlink error reportingPablo Neira Ayuso2018-04-241-8/+2
| | | | | | Consolidate error reporting from do_command() call. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: move monitor code to src/monitor.cPablo Neira Ayuso2018-03-071-0/+948
netlink.c is rather large file, move the monitor code to its own file. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Phil Sutter <phil@nwl.cc> Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>