81 lines
2.6 KiB
Diff
81 lines
2.6 KiB
Diff
|
From 244a83f9e0809177f07fb7b7474f84a126cf827f Mon Sep 17 00:00:00 2001
|
||
|
From: Florian Westphal <fw@strlen.de>
|
||
|
Date: Wed, 20 Jun 2018 23:06:04 +0200
|
||
|
Subject: [PATCH] src: trace: fix policy printing
|
||
|
|
||
|
policy type is erronously handled via verdict, this is wrong.
|
||
|
It is a different event type and needs to be handled as such.
|
||
|
|
||
|
before:
|
||
|
trace id 42b54e71 inet filter input packet: iif "lo" ip saddr 127.0.0.1 ..
|
||
|
trace id 42b54e71 inet filter input rule ip protocol icmp nftrace set 1 (verdict continue)
|
||
|
trace id 42b54e71 inet filter input verdict continue
|
||
|
trace id 42b54e71 inet filter input
|
||
|
|
||
|
after:
|
||
|
trace id 9f40c5c7 inet filter input packet: iif "lo" ip saddr 127.0.0.1 ..
|
||
|
trace id 9f40c5c7 inet filter input rule ip protocol icmp nftrace set 1 (verdict continue)
|
||
|
trace id 9f40c5c7 inet filter input verdict continue
|
||
|
trace id 9f40c5c7 inet filter input policy drop
|
||
|
|
||
|
Reported-by: vtol@gmx.net
|
||
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||
|
(cherry picked from commit 78ba4ffdeacc9b31f7396d72c98907e861024653)
|
||
|
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||
|
---
|
||
|
src/netlink.c | 31 ++++++++++++++++++++++++++++++-
|
||
|
1 file changed, 30 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/src/netlink.c b/src/netlink.c
|
||
|
index ca5e9b4a0f8a6..4fd3f2dfefced 100644
|
||
|
--- a/src/netlink.c
|
||
|
+++ b/src/netlink.c
|
||
|
@@ -1705,7 +1705,22 @@ static void trace_print_verdict(const struct nftnl_trace *nlt,
|
||
|
chain = xstrdup(nftnl_trace_get_str(nlt, NFTNL_TRACE_JUMP_TARGET));
|
||
|
expr = verdict_expr_alloc(&netlink_location, verdict, chain);
|
||
|
|
||
|
- printf("verdict ");
|
||
|
+ nft_print(octx, "verdict ");
|
||
|
+ expr_print(expr, octx);
|
||
|
+ expr_free(expr);
|
||
|
+}
|
||
|
+
|
||
|
+static void trace_print_policy(const struct nftnl_trace *nlt,
|
||
|
+ struct output_ctx *octx)
|
||
|
+{
|
||
|
+ unsigned int policy;
|
||
|
+ struct expr *expr;
|
||
|
+
|
||
|
+ policy = nftnl_trace_get_u32(nlt, NFTNL_TRACE_POLICY);
|
||
|
+
|
||
|
+ expr = verdict_expr_alloc(&netlink_location, policy, NULL);
|
||
|
+
|
||
|
+ nft_print(octx, "policy ");
|
||
|
expr_print(expr, octx);
|
||
|
expr_free(expr);
|
||
|
}
|
||
|
@@ -1921,6 +1936,20 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type,
|
||
|
trace_print_rule(nlt, monh->ctx->octx, monh->cache);
|
||
|
break;
|
||
|
case NFT_TRACETYPE_POLICY:
|
||
|
+ trace_print_hdr(nlt, monh->ctx->octx);
|
||
|
+
|
||
|
+ if (nftnl_trace_is_set(nlt, NFTNL_TRACE_POLICY)) {
|
||
|
+ trace_print_policy(nlt, monh->ctx->octx);
|
||
|
+ nft_mon_print(monh, " ");
|
||
|
+ }
|
||
|
+
|
||
|
+ if (nftnl_trace_is_set(nlt, NFTNL_TRACE_MARK))
|
||
|
+ trace_print_expr(nlt, NFTNL_TRACE_MARK,
|
||
|
+ meta_expr_alloc(&netlink_location,
|
||
|
+ NFT_META_MARK),
|
||
|
+ monh->ctx->octx);
|
||
|
+ nft_mon_print(monh, "\n");
|
||
|
+ break;
|
||
|
case NFT_TRACETYPE_RETURN:
|
||
|
trace_print_hdr(nlt, monh->ctx->octx);
|
||
|
|
||
|
--
|
||
|
2.21.0
|
||
|
|