From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH cttools V3] conntrack: add connlabel format attribute
Date: Fri, 5 Jul 2013 06:57:46 +0200
Message-ID: <20130705045746.GA3836@localhost>
In-Reply-To: <1372946679-11352-1-git-send-email-fw@strlen.de>
On Thu, Jul 04, 2013 at 04:04:39PM +0200, Florian Westphal wrote:
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> Changes since v2:
> - allow xml output again
> - use new nfct_snprint_labels() function from libnetfilter_conntrack.git
Looks good, thanks Florian.

You can remove a trailing whitespace by @@ -749,8 +751,8 @@ after
labels, not your fault, it was already there, but it's a good chance
to get rid of it.

We need to bump libnetfilter_conntrack dependency. I'll remember that
for the upcoming release.

> conntrack.8 | 4 +++-
> src/conntrack.c | 17 +++++++++++++----
> 2 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/conntrack.8 b/conntrack.8
> index a411fd4..d80a778 100644
> --- a/conntrack.8
> +++ b/conntrack.8
> @@ -88,11 +88,13 @@ Show the in-kernel connection tracking system statistics.
> Atomically zero counters after reading them. This option is only valid in
> combination with the "-L, --dump" command options.
> .TP
> -.BI "-o, --output [extended,xml,timestamp,id,ktimestamp] "
> +.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels] "
> Display output in a certain format. With the extended output option, this tool
> displays the layer 3 information. With ktimestamp, it displays the in-kernel
> timestamp available since 2.6.38 (you can enable it via echo 1 >
> /proc/sys/net/netfilter/nf_conntrack_timestamp).
> +The labels output option tells conntrack to show the names of connection
> +tracking labels that might be present.
> .TP
> .BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
> Set the bitmask of events that are to be generated by the in-kernel ctnetlink
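Review bot: The two added lines describing the labels option do not say where the label names come from or what is printed when no mapping is available. src/conntrack.c loads the map with nfct_labelmap_new(NULL), so the man page should name the default mapping source and describe the behaviour when it cannot be loaded.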
> diff --git a/src/conntrack.c b/src/conntrack.c
> index d4e79de..82a8917 100644
> --- a/src/conntrack.c
> +++ b/src/conntrack.c
> @@ -488,6 +488,7 @@ static unsigned int addr_valid_flags[ADDR_VALID_FLAGS_MAX] = {
> static LIST_HEAD(proto_list);
>
> static unsigned int options;
> +static struct nfct_labelmap *labelmap;
>
> void register_proto(struct ctproto_handler *h)
> {
> @@ -731,6 +732,7 @@ enum {
> _O_TMS = (1 << 2),
> _O_ID = (1 << 3),
> _O_KTMS = (1 << 4),
> + _O_CL = (1 << 5),
> };
>
> enum {
> @@ -749,8 +751,8 @@ static struct parse_parameter {
> { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
> { {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
> { CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
> - { {"xml", "extended", "timestamp", "id", "ktimestamp"}, 5,
> - { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS },
> + { {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", }, 6,
> + { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_CL },
> },
> };
>
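Review bot: In the new names row, `"labels", }` carries a stray trailing comma and space before the closing brace that the removed row did not have; write `"labels"}, 6,` to stay consistent. The element count is maintained by hand next to the list, so it is worth double-checking that 6 matches both the names row and the `_O_*` values row.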
> @@ -1150,7 +1152,7 @@ static int event_cb(enum nf_conntrack_msg_type type,
> if (output_mask & _O_ID)
> op_flags |= NFCT_OF_ID;
>
> - nfct_snprintf(buf, sizeof(buf), ct, type, op_type, op_flags);
> + nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
>
> printf("%s\n", buf);
> fflush(stdout);
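Review bot: labelmap is passed to nfct_snprintf_labels() unconditionally in event_cb, but it is only allocated when the labels output option is given, so this call relies on the library accepting a NULL map in the common case. Please confirm that is part of the function's contract, or keep calling nfct_snprintf() when _O_CL is not set. The diffstat also shows no build-system change, so the minimum libnetfilter_conntrack version check still needs updating for this symbol.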
> @@ -1194,7 +1196,7 @@ static int dump_cb(enum nf_conntrack_msg_type type,
> if (output_mask & _O_ID)
> op_flags |= NFCT_OF_ID;
>
> - nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags);
> + nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
> printf("%s\n", buf);
>
> counter++;
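Review bot: Besides switching functions, the new call in dump_cb replaces NFCT_T_UNKNOWN with type as the message-type argument, which the commit message does not mention. If that is not intentional, keep NFCT_T_UNKNOWN so the dump output stays unchanged apart from the labels.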
> @@ -1879,6 +1881,11 @@ int main(int argc, char *argv[])
> case 'o':
> options |= CT_OPT_OUTPUT;
> parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
> + if (output_mask & _O_CL) {
> + labelmap = nfct_labelmap_new(NULL);
> + if (!labelmap)
> + perror("nfct_labelmap_new");
> + }
> break;
> case 'z':
> options |= CT_OPT_ZERO;
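Review bot: When nfct_labelmap_new(NULL) fails in the 'o' case, the code only calls perror() and carries on with labelmap == NULL, so a user who asked for labels gets output without them and no hard failure. Consider exiting with an error there. The allocation also runs every time -o is parsed with labels set, so a repeated -o would overwrite and leak the first map; guarding with `if (!labelmap)` avoids that.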
> @@ -2372,6 +2379,8 @@ try_proc:
>
> free_tmpl_objects();
> free_options();
> + if (labelmap)
> + nfct_labelmap_destroy(labelmap);
>
> if (command && exit_msg[cmd][0]) {
> fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION);
> --
> 1.7.8.6