From 892ec2ca97263ccfffb52f2943c2ab2ac34f476d Mon Sep 17 00:00:00 2001

From: Phil Sutter <phil@nwl.cc>

Date: Thu, 11 Oct 2018 17:48:59 +0200

Subject: [PATCH] monitor: Fix printing of ct objects

Monitor output is supposed to be single lined without tabs, but ct

object were printed with newlines and tabs hard-coded. Fixing this

wasn't too hard given that there is 'stmt_separator' to also include

semi-colons where required if newline was removed.

A more obvious mistake was position of object type in monitor output:

Like with other object types, it has to occur between command and table

spec. As a positive side-effect, this aligns ct objects better with

others (see obj_type_name_array for instance).

Signed-off-by: Phil Sutter <phil@nwl.cc>

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

(cherry picked from commit 90ed4fb3855f0d9d881b812c75e338e5e93081ba)

Conflicts:

	src/rule.c

	tests/shell/testcases/listing/0013objects_0

	tests/shell/testcases/nft-f/0017ct_timeout_obj_0

	tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft

-> missing ct timeout support

Signed-off-by: Phil Sutter <psutter@redhat.com>

---

 src/json.c                       |  1 -

 src/rule.c                       | 26 ++++++++++++++++----------

 tests/monitor/testcases/object.t | 27 +++++++++++++++++++++++++++

 3 files changed, 43 insertions(+), 11 deletions(-)

 create mode 100644 tests/monitor/testcases/object.t

diff --git a/src/json.c b/src/json.c

index b6e6ca9c6c383..af157212c081e 100644

--- a/src/json.c

+++ b/src/json.c

@@ -264,7 +264,6 @@ static json_t *obj_print_json(struct output_ctx *octx, const struct obj *obj)

 		json_decref(tmp);

 		break;

 	case NFT_OBJECT_CT_HELPER:

-		type = "ct helper";

 		tmp = json_pack("{s:s, s:o, s:s}",

 				"type", obj->ct_helper.name, "protocol",

 				proto_name_json(obj->ct_helper.l4proto),

diff --git a/src/rule.c b/src/rule.c

index 56b956a4f8fec..eb06302d4f223 100644

--- a/src/rule.c

+++ b/src/rule.c

@@ -1432,8 +1432,8 @@ static void obj_print_data(const struct obj *obj,

 			nft_print(octx, "packets 0 bytes 0");

 			break;

 		}

-		nft_print(octx, "packets %" PRIu64 " bytes %" PRIu64 "",

-			  obj->counter.packets, obj->counter.bytes);

+		nft_print(octx, "packets %" PRIu64 " bytes %" PRIu64 "%s",

+			  obj->counter.packets, obj->counter.bytes, opts->nl);

 		break;

 	case NFT_OBJECT_QUOTA: {

 		const char *data_unit;

@@ -1452,18 +1452,22 @@ static void obj_print_data(const struct obj *obj,

 			nft_print(octx, " used %" PRIu64 " %s",

 				  bytes, data_unit);

 		}

+		nft_print(octx, "%s", opts->nl);

 		}

 		break;

 	case NFT_OBJECT_CT_HELPER:

-		nft_print(octx, "ct helper %s {", obj->handle.obj.name);

+		nft_print(octx, " %s {", obj->handle.obj.name);

 		if (octx->handle > 0)

 			nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);

 		nft_print(octx, "%s", opts->nl);

-		nft_print(octx, "\t\ttype \"%s\" protocol ",

-			  obj->ct_helper.name);

+		nft_print(octx, "%s%stype \"%s\" protocol ",

+			  opts->tab, opts->tab, obj->ct_helper.name);

 		print_proto_name_proto(obj->ct_helper.l4proto, octx);

-		nft_print(octx, "\t\tl3proto %s",

-			  family2str(obj->ct_helper.l3proto));

+		nft_print(octx, "%s", opts->stmt_separator);

+		nft_print(octx, "%s%sl3proto %s%s",

+			  opts->tab, opts->tab,

+			  family2str(obj->ct_helper.l3proto),

+			  opts->stmt_separator);

 		break;

 	case NFT_OBJECT_LIMIT: {

 		bool inv = obj->limit.flags & NFT_LIMIT_F_INV;

@@ -1498,10 +1502,11 @@ static void obj_print_data(const struct obj *obj,

 			}

 			break;

 		}

+		nft_print(octx, "%s", opts->nl);

 		}

 		break;

 	default:

-		nft_print(octx, "unknown {%s", opts->nl);

+		nft_print(octx, " unknown {%s", opts->nl);

 		break;

 	}

 }

@@ -1509,7 +1514,7 @@ static void obj_print_data(const struct obj *obj,

 static const char * const obj_type_name_array[] = {

 	[NFT_OBJECT_COUNTER]	= "counter",

 	[NFT_OBJECT_QUOTA]	= "quota",

-	[NFT_OBJECT_CT_HELPER]	= "",

+	[NFT_OBJECT_CT_HELPER]	= "ct helper",

 	[NFT_OBJECT_LIMIT]	= "limit",

 };

@@ -1548,7 +1553,7 @@ static void obj_print_declaration(const struct obj *obj,

 	obj_print_data(obj, opts, octx);

-	nft_print(octx, "%s%s}%s", opts->nl, opts->tab, opts->nl);

+	nft_print(octx, "%s}%s", opts->tab, opts->nl);

 }

 void obj_print(const struct obj *obj, struct output_ctx *octx)

@@ -1569,6 +1574,7 @@ void obj_print_plain(const struct obj *obj, struct output_ctx *octx)

 		.nl		= " ",

 		.table		= obj->handle.table.name,

 		.family		= family2str(obj->handle.family),

+		.stmt_separator = "; ",

 	};

 	obj_print_declaration(obj, &opts, octx);

diff --git a/tests/monitor/testcases/object.t b/tests/monitor/testcases/object.t

new file mode 100644

index 0000000000000..7b88409775796

--- /dev/null

+++ b/tests/monitor/testcases/object.t

@@ -0,0 +1,27 @@

+# first the setup

+I add table ip t

+O -

+

+I add counter ip t c

+O add counter ip t c { packets 0 bytes 0 }

+

+I delete counter ip t c

+O -

+

+I add quota ip t q 25 mbytes

+O add quota ip t q { 25 mbytes }

+

+I delete quota ip t q

+O -

+

+I add limit ip t l rate 1/second

+O add limit ip t l { rate 1/second }

+

+I delete limit ip t l

+O -

+

+I add ct helper ip t cth { type "sip" protocol tcp; l3proto ip; }

+O -

+

+I delete ct helper ip t cth

+O -

-- 

2.21.0