|
 |
ec5e2e |
From 0b886ea23e8473e692bdf20ecf4985f44408a132 Mon Sep 17 00:00:00 2001
|
|
|
ec5e2e |
From: Florian Westphal <fw@strlen.de>
|
|
|
ec5e2e |
Date: Sat, 12 Dec 2020 16:15:32 +0100
|
|
|
ec5e2e |
Subject: [PATCH] xtables-monitor: fix rule printing
|
|
|
ec5e2e |
|
|
|
ec5e2e |
trace_print_rule does a rule dump. This prints unrelated rules
|
|
|
ec5e2e |
in the same chain. Instead the function should only request the
|
|
|
ec5e2e |
specific handle.
|
|
|
ec5e2e |
|
|
|
ec5e2e |
Furthermore, flush output buffer afterwards so this plays nice when
|
|
|
ec5e2e |
output isn't a terminal.
|
|
|
ec5e2e |
|
|
|
ec5e2e |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
ec5e2e |
(cherry picked from commit 07af4da52ab3002c9cb510863b4eb7aaca4fb43b)
|
|
|
ec5e2e |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
ec5e2e |
---
|
|
|
ec5e2e |
iptables/xtables-monitor.c | 32 +++++++++++++++-----------------
|
|
|
ec5e2e |
1 file changed, 15 insertions(+), 17 deletions(-)
|
|
|
ec5e2e |
|
|
|
ec5e2e |
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
|
|
|
ec5e2e |
index 92962a2a95f48..43b9064c3d30e 100644
|
|
|
ec5e2e |
--- a/iptables/xtables-monitor.c
|
|
|
ec5e2e |
+++ b/iptables/xtables-monitor.c
|
|
|
ec5e2e |
@@ -227,12 +227,12 @@ static void trace_print_rule(const struct nftnl_trace *nlt, struct cb_arg *args)
|
|
|
ec5e2e |
exit(EXIT_FAILURE);
|
|
|
ec5e2e |
}
|
|
|
ec5e2e |
|
|
|
ec5e2e |
- nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, NLM_F_DUMP, 0);
|
|
|
ec5e2e |
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, 0, 0);
|
|
|
ec5e2e |
|
|
|
ec5e2e |
nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family);
|
|
|
ec5e2e |
nftnl_rule_set_str(r, NFTNL_RULE_CHAIN, chain);
|
|
|
ec5e2e |
nftnl_rule_set_str(r, NFTNL_RULE_TABLE, table);
|
|
|
ec5e2e |
- nftnl_rule_set_u64(r, NFTNL_RULE_POSITION, handle);
|
|
|
ec5e2e |
+ nftnl_rule_set_u64(r, NFTNL_RULE_HANDLE, handle);
|
|
|
ec5e2e |
nftnl_rule_nlmsg_build_payload(nlh, r);
|
|
|
ec5e2e |
nftnl_rule_free(r);
|
|
|
ec5e2e |
|
|
|
ec5e2e |
@@ -248,24 +248,21 @@ static void trace_print_rule(const struct nftnl_trace *nlt, struct cb_arg *args)
|
|
|
ec5e2e |
}
|
|
|
ec5e2e |
|
|
|
ec5e2e |
portid = mnl_socket_get_portid(nl);
|
|
|
ec5e2e |
- if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
|
|
|
ec5e2e |
- perror("mnl_socket_send");
|
|
|
ec5e2e |
- exit(EXIT_FAILURE);
|
|
|
ec5e2e |
- }
|
|
|
ec5e2e |
+ if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
|
|
|
ec5e2e |
+ perror("mnl_socket_send");
|
|
|
ec5e2e |
+ exit(EXIT_FAILURE);
|
|
|
ec5e2e |
+ }
|
|
|
ec5e2e |
|
|
|
ec5e2e |
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
|
|
|
ec5e2e |
- while (ret > 0) {
|
|
|
ec5e2e |
+ if (ret > 0) {
|
|
|
ec5e2e |
args->is_event = false;
|
|
|
ec5e2e |
- ret = mnl_cb_run(buf, ret, 0, portid, rule_cb, args);
|
|
|
ec5e2e |
- if (ret <= 0)
|
|
|
ec5e2e |
- break;
|
|
|
ec5e2e |
- ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
|
|
|
ec5e2e |
- }
|
|
|
ec5e2e |
- if (ret == -1) {
|
|
|
ec5e2e |
- perror("error");
|
|
|
ec5e2e |
- exit(EXIT_FAILURE);
|
|
|
ec5e2e |
- }
|
|
|
ec5e2e |
- mnl_socket_close(nl);
|
|
|
ec5e2e |
+ ret = mnl_cb_run(buf, ret, 0, portid, rule_cb, args);
|
|
|
ec5e2e |
+ }
|
|
|
ec5e2e |
+ if (ret == -1) {
|
|
|
ec5e2e |
+ perror("error");
|
|
|
ec5e2e |
+ exit(EXIT_FAILURE);
|
|
|
ec5e2e |
+ }
|
|
|
ec5e2e |
+ mnl_socket_close(nl);
|
|
|
ec5e2e |
}
|
|
|
ec5e2e |
|
|
|
ec5e2e |
static void trace_print_packet(const struct nftnl_trace *nlt, struct cb_arg *args)
|
|
|
ec5e2e |
@@ -531,6 +528,7 @@ static int trace_cb(const struct nlmsghdr *nlh, struct cb_arg *arg)
|
|
|
ec5e2e |
err_free:
|
|
|
ec5e2e |
nftnl_trace_free(nlt);
|
|
|
ec5e2e |
err:
|
|
|
ec5e2e |
+ fflush(stdout);
|
|
|
ec5e2e |
return MNL_CB_OK;
|
|
|
ec5e2e |
}
|
|
|
ec5e2e |
|
|
|
ec5e2e |
--
|
|
|
ec5e2e |
2.31.1
|
|
|
ec5e2e |
|