103 lines
3.2 KiB
Diff
103 lines
3.2 KiB
Diff
|
From 07f51d26e405b4a328813f35bc27015eb9324330 Mon Sep 17 00:00:00 2001
|
||
|
From: Florian Westphal <fw@strlen.de>
|
||
|
Date: Sat, 12 Dec 2020 16:15:34 +0100
|
||
|
Subject: [PATCH] xtables-monitor: print packet first
|
||
|
|
||
|
The trace mode should first print the packet that was received and
|
||
|
then the rule/verdict.
|
||
|
|
||
|
Furthermore, the monitor did sometimes print an extra newline.
|
||
|
|
||
|
After this patch, output is more consistent with nft monitor.
|
||
|
|
||
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||
|
(cherry picked from commit 180ba723d0b305fab9287d3bc5f845a43d9eb793)
|
||
|
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||
|
---
|
||
|
iptables/xtables-monitor.c | 34 +++++++++++++++++++++++-----------
|
||
|
1 file changed, 23 insertions(+), 11 deletions(-)
|
||
|
|
||
|
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
|
||
|
index 9fa1ca166a61e..23e828988bb8b 100644
|
||
|
--- a/iptables/xtables-monitor.c
|
||
|
+++ b/iptables/xtables-monitor.c
|
||
|
@@ -106,6 +106,7 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
|
||
|
printf("-0 ");
|
||
|
break;
|
||
|
default:
|
||
|
+ puts("");
|
||
|
goto err_free;
|
||
|
}
|
||
|
|
||
|
@@ -433,9 +434,18 @@ static void trace_print_packet(const struct nftnl_trace *nlt, struct cb_arg *arg
|
||
|
mark = nftnl_trace_get_u32(nlt, NFTNL_TRACE_MARK);
|
||
|
if (mark)
|
||
|
printf("MARK=0x%x ", mark);
|
||
|
+ puts("");
|
||
|
+}
|
||
|
+
|
||
|
+static void trace_print_hdr(const struct nftnl_trace *nlt)
|
||
|
+{
|
||
|
+ printf(" TRACE: %d %08x %s:%s", nftnl_trace_get_u32(nlt, NFTNL_TABLE_FAMILY),
|
||
|
+ nftnl_trace_get_u32(nlt, NFTNL_TRACE_ID),
|
||
|
+ nftnl_trace_get_str(nlt, NFTNL_TRACE_TABLE),
|
||
|
+ nftnl_trace_get_str(nlt, NFTNL_TRACE_CHAIN));
|
||
|
}
|
||
|
|
||
|
-static void print_verdict(struct nftnl_trace *nlt, uint32_t verdict)
|
||
|
+static void print_verdict(const struct nftnl_trace *nlt, uint32_t verdict)
|
||
|
{
|
||
|
const char *chain;
|
||
|
|
||
|
@@ -496,35 +506,37 @@ static int trace_cb(const struct nlmsghdr *nlh, struct cb_arg *arg)
|
||
|
arg->nfproto != nftnl_trace_get_u32(nlt, NFTNL_TABLE_FAMILY))
|
||
|
goto err_free;
|
||
|
|
||
|
- printf(" TRACE: %d %08x %s:%s", nftnl_trace_get_u32(nlt, NFTNL_TABLE_FAMILY),
|
||
|
- nftnl_trace_get_u32(nlt, NFTNL_TRACE_ID),
|
||
|
- nftnl_trace_get_str(nlt, NFTNL_TRACE_TABLE),
|
||
|
- nftnl_trace_get_str(nlt, NFTNL_TRACE_CHAIN));
|
||
|
-
|
||
|
switch (nftnl_trace_get_u32(nlt, NFTNL_TRACE_TYPE)) {
|
||
|
case NFT_TRACETYPE_RULE:
|
||
|
verdict = nftnl_trace_get_u32(nlt, NFTNL_TRACE_VERDICT);
|
||
|
- printf(":rule:0x%llx:", (unsigned long long)nftnl_trace_get_u64(nlt, NFTNL_TRACE_RULE_HANDLE));
|
||
|
- print_verdict(nlt, verdict);
|
||
|
|
||
|
- if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE))
|
||
|
- trace_print_rule(nlt, arg);
|
||
|
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) ||
|
||
|
nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER))
|
||
|
trace_print_packet(nlt, arg);
|
||
|
+
|
||
|
+ if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE)) {
|
||
|
+ trace_print_hdr(nlt);
|
||
|
+ printf(":rule:0x%" PRIx64":", nftnl_trace_get_u64(nlt, NFTNL_TRACE_RULE_HANDLE));
|
||
|
+ print_verdict(nlt, verdict);
|
||
|
+ printf(" ");
|
||
|
+ trace_print_rule(nlt, arg);
|
||
|
+ }
|
||
|
break;
|
||
|
case NFT_TRACETYPE_POLICY:
|
||
|
+ trace_print_hdr(nlt);
|
||
|
printf(":policy:");
|
||
|
verdict = nftnl_trace_get_u32(nlt, NFTNL_TRACE_POLICY);
|
||
|
|
||
|
print_verdict(nlt, verdict);
|
||
|
+ puts("");
|
||
|
break;
|
||
|
case NFT_TRACETYPE_RETURN:
|
||
|
+ trace_print_hdr(nlt);
|
||
|
printf(":return:");
|
||
|
trace_print_return(nlt);
|
||
|
+ puts("");
|
||
|
break;
|
||
|
}
|
||
|
- puts("");
|
||
|
err_free:
|
||
|
nftnl_trace_free(nlt);
|
||
|
err:
|
||
|
--
|
||
|
2.31.1
|
||
|
|