From: Phil Sutter <phil@nwl.cc>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH xtables-nft 3/3] xtables-monitor: print packet first
Date: Mon, 14 Dec 2020 15:14:35 +0100 [thread overview]
Message-ID: <20201214141435.GC28824@orbyte.nwl.cc> (raw)
In-Reply-To: <20201212151534.54336-4-fw@strlen.de>
On Sat, Dec 12, 2020 at 04:15:34PM +0100, Florian Westphal wrote:
> The trace mode should first print the packet that was received and
> then the rule/verdict.
>
> Furthermore, the monitor did sometimes print an extra newline.
>
> After this patch, output is more consistent with nft monitor.
>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> iptables/xtables-monitor.c | 34 +++++++++++++++++++++++-----------
> 1 file changed, 23 insertions(+), 11 deletions(-)
>
> diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
> index 8850a12032d2..45a0d6bf1343 100644
> --- a/iptables/xtables-monitor.c
> +++ b/iptables/xtables-monitor.c
> @@ -106,6 +106,7 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
> printf("-0 ");
> break;
> default:
> + puts("");
> goto err_free;
> }
>
> @@ -433,9 +434,18 @@ static void trace_print_packet(const struct nftnl_trace *nlt, struct cb_arg *arg
> mark = nftnl_trace_get_u32(nlt, NFTNL_TRACE_MARK);
> if (mark)
> printf("MARK=0x%x ", mark);
> + puts("");
> +}
> +
> +static void trace_print_hdr(const struct nftnl_trace *nlt)
> +{
> + printf(" TRACE: %d %08x %s:%s", nftnl_trace_get_u32(nlt, NFTNL_TABLE_FAMILY),
> + nftnl_trace_get_u32(nlt, NFTNL_TRACE_ID),
> + nftnl_trace_get_str(nlt, NFTNL_TRACE_TABLE),
> + nftnl_trace_get_str(nlt, NFTNL_TRACE_CHAIN));
> }
>
> -static void print_verdict(struct nftnl_trace *nlt, uint32_t verdict)
> +static void print_verdict(const struct nftnl_trace *nlt, uint32_t verdict)
> {
> const char *chain;
>
> @@ -496,35 +506,37 @@ static int trace_cb(const struct nlmsghdr *nlh, struct cb_arg *arg)
> arg->nfproto != nftnl_trace_get_u32(nlt, NFTNL_TABLE_FAMILY))
> goto err_free;
>
> - printf(" TRACE: %d %08x %s:%s", nftnl_trace_get_u32(nlt, NFTNL_TABLE_FAMILY),
> - nftnl_trace_get_u32(nlt, NFTNL_TRACE_ID),
> - nftnl_trace_get_str(nlt, NFTNL_TRACE_TABLE),
> - nftnl_trace_get_str(nlt, NFTNL_TRACE_CHAIN));
> -
> switch (nftnl_trace_get_u32(nlt, NFTNL_TRACE_TYPE)) {
> case NFT_TRACETYPE_RULE:
> verdict = nftnl_trace_get_u32(nlt, NFTNL_TRACE_VERDICT);
> - printf(":rule:0x%llx:", (unsigned long long)nftnl_trace_get_u64(nlt, NFTNL_TRACE_RULE_HANDLE));
Quite long long line here. ;)
How about using PRIx64 in the format string to avoid the cast?
> - print_verdict(nlt, verdict);
>
> - if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE))
> - trace_print_rule(nlt, arg);
> if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) ||
> nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER))
> trace_print_packet(nlt, arg);
> +
> + if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE)) {
> + trace_print_hdr(nlt);
> + printf(":rule:0x%llx:", (unsigned long long)nftnl_trace_get_u64(nlt, NFTNL_TRACE_RULE_HANDLE));
Same here.
Cheers, Phil
next prev parent reply other threads:[~2020-12-14 14:15 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-12 15:15 [PATCH xtables-nft 0/3] xt-monitor fixes Florian Westphal
2020-12-12 15:15 ` [PATCH xtables-nft 1/3] xtables-monitor: fix rule printing Florian Westphal
2020-12-14 14:19 ` Phil Sutter
2020-12-12 15:15 ` [PATCH xtables-nft 2/3] xtables-monitor: fix packet family protocol Florian Westphal
2020-12-12 15:15 ` [PATCH xtables-nft 3/3] xtables-monitor: print packet first Florian Westphal
2020-12-14 14:14 ` Phil Sutter [this message]
2020-12-14 16:06 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201214141435.GC28824@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.