From 44cc91b788ed123b9816cddda56931a8d98e6c59 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 11 Nov 2021 11:13:37 +0100 Subject: [PATCH] nftables-0.9.8-9.el9 - doc: nft.8: Extend monitor description by trace Resolves: rhbz#2003707 --- ...-Extend-monitor-description-by-trace.patch | 63 +++++++++++++++++++ nftables.spec | 6 +- 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 0018-doc-nft.8-Extend-monitor-description-by-trace.patch diff --git a/0018-doc-nft.8-Extend-monitor-description-by-trace.patch b/0018-doc-nft.8-Extend-monitor-description-by-trace.patch new file mode 100644 index 0000000..b58ed8a --- /dev/null +++ b/0018-doc-nft.8-Extend-monitor-description-by-trace.patch @@ -0,0 +1,63 @@ +From 7f5707d93a62cf7474d94e038188a0a8ae2924e7 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 19 May 2021 13:12:48 +0200 +Subject: [PATCH] doc: nft.8: Extend monitor description by trace + +Briefly describe 'nft monitor trace' command functionality. + +Signed-off-by: Phil Sutter +(cherry picked from commit 2acf8b2caea19d8abd46d475a908f8d6afb33aa0) +--- + doc/nft.txt | 25 ++++++++++++++++++++++--- + 1 file changed, 22 insertions(+), 3 deletions(-) + +diff --git a/doc/nft.txt b/doc/nft.txt +index 2642d8903787f..7b3c70d82a127 100644 +--- a/doc/nft.txt ++++ b/doc/nft.txt +@@ -805,13 +805,26 @@ These are some additional commands included in nft. + MONITOR + ~~~~~~~~ + The monitor command allows you to listen to Netlink events produced by the +-nf_tables subsystem, related to creation and deletion of objects. When they ++nf_tables subsystem. These are either related to creation and deletion of ++objects or to packets for which *meta nftrace* was enabled. When they + occur, nft will print to stdout the monitored events in either JSON or + native nft format. + + +-To filter events related to a concrete object, use one of the keywords 'tables', 'chains', 'sets', 'rules', 'elements', 'ruleset'. + ++[verse] ++____ ++*monitor* [*new* | *destroy*] 'MONITOR_OBJECT' ++*monitor* *trace* ++ ++'MONITOR_OBJECT' := *tables* | *chains* | *sets* | *rules* | *elements* | *ruleset* ++____ + +-To filter events related to a concrete action, use keyword 'new' or 'destroy'. ++To filter events related to a concrete object, use one of the keywords in ++'MONITOR_OBJECT'. ++ ++To filter events related to a concrete action, use keyword *new* or *destroy*. ++ ++The second form of invocation takes no further options and exclusively prints ++events generated for packets with *nftrace* enabled. + + Hit ^C to finish the monitor operation. + +@@ -835,6 +848,12 @@ Hit ^C to finish the monitor operation. + % nft monitor ruleset + --------------------- + ++.Trace incoming packets from host 10.0.0.1 ++------------------------------------------ ++% nft add rule filter input ip saddr 10.0.0.1 meta nftrace set 1 ++% nft monitor trace ++------------------------------------------ ++ + ERROR REPORTING + --------------- + When an error is detected, nft shows the line(s) containing the error, the +-- +2.33.0 + diff --git a/nftables.spec b/nftables.spec index 89e186a..be66a87 100644 --- a/nftables.spec +++ b/nftables.spec @@ -1,6 +1,6 @@ Name: nftables Version: 0.9.8 -Release: 8%{?dist} +Release: 9%{?dist} # Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track. Epoch: 1 Summary: Netfilter Tables userspace utillites @@ -31,6 +31,7 @@ Patch14: 0014-src-add-xzalloc_array-and-use-it-to-allocate-the-exp.patch Patch15: 0015-json-init-parser-state-for-every-new-buffer-file.patch Patch16: 0016-segtree-Fix-segfault-when-restoring-a-huge-interval-.patch Patch17: 0017-tests-cover-baecd1cf2685-segtree-Fix-segfault-when-r.patch +Patch18: 0018-doc-nft.8-Extend-monitor-description-by-trace.patch #BuildRequires: autogen #BuildRequires: autoconf @@ -140,6 +141,9 @@ sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \ %{python3_sitelib}/nftables/ %changelog +* Thu Nov 11 2021 Phil Sutter - 1:0.9.8-9 +- doc: nft.8: Extend monitor description by trace + * Fri Nov 05 2021 Phil Sutter - 1:0.9.8-8 - tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set") - segtree: Fix segfault when restoring a huge interval set