nftables-0.9.8-9.el9

- doc: nft.8: Extend monitor description by trace

Resolves: rhbz#2003707

0018-doc-nft.8-Extend-monitor-description-by-trace.patch

@@ -0,0 +1,63 @@
+From 7f5707d93a62cf7474d94e038188a0a8ae2924e7 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Wed, 19 May 2021 13:12:48 +0200
+Subject: [PATCH] doc: nft.8: Extend monitor description by trace
+
+Briefly describe 'nft monitor trace' command functionality.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 2acf8b2caea19d8abd46d475a908f8d6afb33aa0)
+---
+ doc/nft.txt | 25 ++++++++++++++++++++++---
+ 1 file changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/doc/nft.txt b/doc/nft.txt
+index 2642d8903787f..7b3c70d82a127 100644
+--- a/doc/nft.txt
++++ b/doc/nft.txt
+@@ -805,13 +805,26 @@ These are some additional commands included in nft.
+ MONITOR
+ ~~~~~~~~
+ The monitor command allows you to listen to Netlink events produced by the
+-nf_tables subsystem, related to creation and deletion of objects. When they
++nf_tables subsystem. These are either related to creation and deletion of
++objects or to packets for which *meta nftrace* was enabled. When they
+ occur, nft will print to stdout the monitored events in either JSON or
+ native nft format. +
+ 
+-To filter events related to a concrete object, use one of the keywords 'tables', 'chains', 'sets', 'rules', 'elements', 'ruleset'. +
++[verse]
++____
++*monitor* [*new* | *destroy*] 'MONITOR_OBJECT'
++*monitor* *trace*
++
++'MONITOR_OBJECT' := *tables* | *chains* | *sets* | *rules* | *elements* | *ruleset*
++____
+ 
+-To filter events related to a concrete action, use keyword 'new' or 'destroy'.
++To filter events related to a concrete object, use one of the keywords in
++'MONITOR_OBJECT'.
++
++To filter events related to a concrete action, use keyword *new* or *destroy*.
++
++The second form of invocation takes no further options and exclusively prints
++events generated for packets with *nftrace* enabled.
+ 
+ Hit ^C to finish the monitor operation.
+ 
+@@ -835,6 +848,12 @@ Hit ^C to finish the monitor operation.
+ % nft monitor ruleset
+ ---------------------
+ 
++.Trace incoming packets from host 10.0.0.1
++------------------------------------------
++% nft add rule filter input ip saddr 10.0.0.1 meta nftrace set 1
++% nft monitor trace
++------------------------------------------
++
+ ERROR REPORTING
+ ---------------
+ When an error is detected, nft shows the line(s) containing the error, the
+-- 
+2.33.0
+

nftables.spec

@@ -1,6 +1,6 @@
 Name:           nftables
 Version:        0.9.8
-Release:        8%{?dist}
+Release:        9%{?dist}
 # Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
 Epoch:          1
 Summary:        Netfilter Tables userspace utillites
@@ -31,6 +31,7 @@ Patch14: 0014-src-add-xzalloc_array-and-use-it-to-allocate-the-exp.patch
 Patch15: 0015-json-init-parser-state-for-every-new-buffer-file.patch
 Patch16: 0016-segtree-Fix-segfault-when-restoring-a-huge-interval-.patch
 Patch17: 0017-tests-cover-baecd1cf2685-segtree-Fix-segfault-when-r.patch
+Patch18: 0018-doc-nft.8-Extend-monitor-description-by-trace.patch
 
 #BuildRequires: autogen
 #BuildRequires: autoconf
@@ -140,6 +141,9 @@ sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
 %{python3_sitelib}/nftables/
 
 %changelog
+* Thu Nov 11 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-9
+- doc: nft.8: Extend monitor description by trace
+
 * Fri Nov 05 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-8
 - tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set")
 - segtree: Fix segfault when restoring a huge interval set