This patch extends the event monitoring infrastructure to catch events of addition and removal of stateful objects. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- include/rule.h | 3 ++ src/netlink.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/rule.c | 25 +++++++++++ 3 files changed, 162 insertions(+) diff --git a/include/rule.h b/include/rule.h index 86c0392f89af..878563d9fcbc 100644 --- a/include/rule.h +++ b/include/rule.h @@ -283,7 +283,10 @@ struct obj { struct obj *obj_alloc(const struct location *loc); void obj_free(struct obj *obj); void obj_add_hash(struct obj *obj, struct table *table); +struct obj *obj_lookup(const struct table *table, const char *name, + uint32_t type); void obj_print(const struct obj *n); +void obj_print_plain(const struct obj *obj); const char *obj_type_name(uint32_t type); /** diff --git a/src/netlink.c b/src/netlink.c index 97220f451343..5f478ff07319 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -1923,6 +1923,19 @@ static struct nftnl_rule *netlink_rule_alloc(const struct nlmsghdr *nlh) return nlr; } +static struct nftnl_obj *netlink_obj_alloc(const struct nlmsghdr *nlh) +{ + struct nftnl_obj *nlo; + + nlo = nftnl_obj_alloc(); + if (nlo == NULL) + memory_allocation_error(); + if (nftnl_obj_nlmsg_parse(nlh, nlo) < 0) + netlink_abi_error(); + + return nlo; +} + static uint32_t netlink_msg2nftnl_of(uint32_t msg) { switch (msg) { @@ -2184,6 +2197,51 @@ out: return MNL_CB_OK; } +static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type, + struct netlink_mon_handler *monh) +{ + struct nftnl_obj *nlo; + uint32_t family; + struct obj *obj; + + nlo = netlink_obj_alloc(nlh); + + switch (monh->format) { + case NFTNL_OUTPUT_DEFAULT: + switch (type) { + case NFT_MSG_NEWOBJ: + printf("add "); + obj = netlink_delinearize_obj(monh->ctx, nlo); + if (obj == NULL) { + nftnl_obj_free(nlo); + return MNL_CB_ERROR; + } + obj_print_plain(obj); + obj_free(obj); + printf("\n"); + break; + case NFT_MSG_DELOBJ: + family = nftnl_obj_get_u32(nlo, NFTNL_OBJ_FAMILY); + printf("delete %s %s %s %s\n", + obj_type_name(nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE)), + family2str(family), + nftnl_obj_get_str(nlo, NFTNL_OBJ_TABLE), + nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME)); + break; + } + break; + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_obj_fprintf(stdout, nlo, monh->format, + netlink_msg2nftnl_of(type)); + fprintf(stdout, "\n"); + break; + } + + nftnl_obj_free(nlo); + return MNL_CB_OK; +} + static void rule_map_decompose_cb(struct set *s, void *data) { if (s->flags & NFT_SET_INTERVAL) @@ -2363,6 +2421,72 @@ static void netlink_events_cache_delsets(struct netlink_mon_handler *monh, nftnl_rule_free(nlr); } +static void netlink_events_cache_addobj(struct netlink_mon_handler *monh, + const struct nlmsghdr *nlh) +{ + struct netlink_ctx obj_tmpctx; + struct nftnl_obj *nlo; + struct table *t; + struct obj *obj; + LIST_HEAD(msgs); + + memset(&obj_tmpctx, 0, sizeof(obj_tmpctx)); + init_list_head(&obj_tmpctx.list); + init_list_head(&msgs); + obj_tmpctx.msgs = &msgs; + + nlo = netlink_obj_alloc(nlh); + obj = netlink_delinearize_obj(&obj_tmpctx, nlo); + if (obj == NULL) + goto out; + + t = table_lookup(&obj->handle); + if (t == NULL) { + fprintf(stderr, "W: Unable to cache object: table not found.\n"); + obj_free(obj); + goto out; + } + + obj_add_hash(obj, t); +out: + nftnl_obj_free(nlo); +} + +static void netlink_events_cache_delobj(struct netlink_mon_handler *monh, + const struct nlmsghdr *nlh) +{ + struct nftnl_obj *nlo; + const char *name; + struct obj *obj; + struct handle h; + struct table *t; + uint32_t type; + + nlo = netlink_obj_alloc(nlh); + h.family = nftnl_obj_get_u32(nlo, NFTNL_OBJ_FAMILY); + h.table = nftnl_obj_get_str(nlo, NFTNL_OBJ_TABLE); + + name = nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME); + type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE); + + t = table_lookup(&h); + if (t == NULL) { + fprintf(stderr, "W: Unable to cache object: table not found.\n"); + goto out; + } + + obj = obj_lookup(t, name, type); + if (obj == NULL) { + fprintf(stderr, "W: Unable to find object in cache\n"); + goto out; + } + + list_del(&obj->list); + obj_free(obj); +out: + nftnl_obj_free(nlo); +} + static void netlink_events_cache_update(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh, int type) { @@ -2386,6 +2510,12 @@ static void netlink_events_cache_update(struct netlink_mon_handler *monh, /* there are no notification for anon-set deletion */ netlink_events_cache_delsets(monh, nlh); break; + case NFT_MSG_NEWOBJ: + netlink_events_cache_addobj(monh, nlh); + break; + case NFT_MSG_DELOBJ: + netlink_events_cache_delobj(monh, nlh); + break; } } @@ -2697,6 +2827,10 @@ static int netlink_events_cb(const struct nlmsghdr *nlh, void *data) case NFT_MSG_TRACE: ret = netlink_events_trace_cb(nlh, type, monh); break; + case NFT_MSG_NEWOBJ: + case NFT_MSG_DELOBJ: + ret = netlink_events_obj_cb(nlh, type, monh); + break; } fflush(stdout); diff --git a/src/rule.c b/src/rule.c index b97213e94954..b6dc755e9621 100644 --- a/src/rule.c +++ b/src/rule.c @@ -1158,6 +1158,19 @@ void obj_add_hash(struct obj *obj, struct table *table) list_add_tail(&obj->list, &table->objs); } +struct obj *obj_lookup(const struct table *table, const char *name, + uint32_t type) +{ + struct obj *obj; + + list_for_each_entry(obj, &table->objs, list) { + if (!strcmp(obj->handle.obj, name) && + obj->type == type) + return obj; + } + return NULL; +} + static void obj_print_data(const struct obj *obj, struct print_fmt_options *opts) { @@ -1229,6 +1242,18 @@ void obj_print(const struct obj *obj) obj_print_declaration(obj, &opts); } +void obj_print_plain(const struct obj *obj) +{ + struct print_fmt_options opts = { + .tab = "", + .nl = " ", + .table = obj->handle.table, + .family = family2str(obj->handle.family), + }; + + obj_print_declaration(obj, &opts); +} + static int do_list_obj(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t type) { struct print_fmt_options opts = { -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html