On Sat, Dec 12, 2020 at 04:15:32PM +0100, Florian Westphal wrote:
> trace_print_rule does a rule dump. This prints unrelated rules
> in the same chain. Instead the function should only request the
> specific handle.
>
> Furthermore, flush output buffer afterwards so this plays nice when
> output isn't a terminal.
>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
> iptables/xtables-monitor.c | 32 +++++++++++++++-----------------
> 1 file changed, 15 insertions(+), 17 deletions(-)
>
> diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
> index 4008cc00d469..364e600e1b38 100644
> --- a/iptables/xtables-monitor.c
> +++ b/iptables/xtables-monitor.c
> @@ -227,12 +227,12 @@ static void trace_print_rule(const struct nftnl_trace *nlt, struct cb_arg *args)
> exit(EXIT_FAILURE);
> }
>
> - nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, NLM_F_DUMP, 0);
> + nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, 0, 0);
>
> nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family);
> nftnl_rule_set_str(r, NFTNL_RULE_CHAIN, chain);
> nftnl_rule_set_str(r, NFTNL_RULE_TABLE, table);
> - nftnl_rule_set_u64(r, NFTNL_RULE_POSITION, handle);
> + nftnl_rule_set_u64(r, NFTNL_RULE_HANDLE, handle);
> nftnl_rule_nlmsg_build_payload(nlh, r);
> nftnl_rule_free(r);
>
> @@ -248,24 +248,21 @@ static void trace_print_rule(const struct nftnl_trace *nlt, struct cb_arg *args)
> }
>
> portid = mnl_socket_get_portid(nl);
> - if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
> - perror("mnl_socket_send");
> - exit(EXIT_FAILURE);
> - }
> + if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
> + perror("mnl_socket_send");
> + exit(EXIT_FAILURE);
> + }
Just in case someone else wonders as well: This does a whitespace
cleanup, replacing spaces by tabs. Later changes contain the same
cleanup, too.
Cheers, Phil
