From: Florian Westphal <fw@strlen.de>
To: netfilter-devel@vger.kernel.org
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH 2/2] conntrack: add connlabel format attribute
Date: Sun, 30 Jun 2013 23:10:48 +0200 [thread overview]
Message-ID: <1372626648-19482-2-git-send-email-fw@strlen.de> (raw)
In-Reply-To: <1372626648-19482-1-git-send-email-fw@strlen.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
Change since v1:
- rename option to '-o labels'
- make it incompatible with xml option (can't
add attributes to existing xml output
buffer without insane hackery ]
conntrack.8 | 4 +++-
src/conntrack.c | 39 +++++++++++++++++++++++++++++++++++----
2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/conntrack.8 b/conntrack.8
index a411fd4..41a59ce 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -88,11 +88,13 @@ Show the in-kernel connection tracking system statistics.
Atomically zero counters after reading them. This option is only valid in
combination with the "-L, --dump" command options.
.TP
-.BI "-o, --output [extended,xml,timestamp,id,ktimestamp] "
+.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels] "
Display output in a certain format. With the extended output option, this tool
displays the layer 3 information. With ktimestamp, it displays the in-kernel
timestamp available since 2.6.38 (you can enable it via echo 1 >
/proc/sys/net/netfilter/nf_conntrack_timestamp).
+The labels output option tells conntrack to show the names of labels that
+might be present, this is currently incompatible with xml output.
.TP
.BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
Set the bitmask of events that are to be generated by the in-kernel ctnetlink
diff --git a/src/conntrack.c b/src/conntrack.c
index d4e79de..74561ba 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -488,6 +488,7 @@ static unsigned int addr_valid_flags[ADDR_VALID_FLAGS_MAX] = {
static LIST_HEAD(proto_list);
static unsigned int options;
+static struct nfct_labelmap *label_map;
void register_proto(struct ctproto_handler *h)
{
@@ -731,6 +732,7 @@ enum {
_O_TMS = (1 << 2),
_O_ID = (1 << 3),
_O_KTMS = (1 << 4),
+ _O_LAB = (1 << 5),
};
enum {
@@ -749,8 +751,8 @@ static struct parse_parameter {
{ IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
{ CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
- { {"xml", "extended", "timestamp", "id", "ktimestamp"}, 5,
- { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS },
+ { {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", }, 6,
+ { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_LAB },
},
};
@@ -1108,6 +1110,15 @@ exp_event_sighandler(int s)
exit(0);
}
+static void print_labels(const struct nfct_bitmask *b)
+{
+ char buf[1024];
+ if (!b)
+ return;
+ nfct_snprintf_labels(buf, sizeof(buf), label_map, b, NFCT_O_DEFAULT);
+ printf(" labels=%s", buf);
+}
+
static int event_cb(enum nf_conntrack_msg_type type,
struct nf_conntrack *ct,
void *data)
@@ -1152,7 +1163,11 @@ static int event_cb(enum nf_conntrack_msg_type type,
nfct_snprintf(buf, sizeof(buf), ct, type, op_type, op_flags);
- printf("%s\n", buf);
+ printf("%s", buf);
+
+ if (output_mask & _O_LAB)
+ print_labels(nfct_get_attr(ct, ATTR_CONNLABELS));
+ printf("\n");
fflush(stdout);
counter++;
@@ -1195,8 +1210,11 @@ static int dump_cb(enum nf_conntrack_msg_type type,
op_flags |= NFCT_OF_ID;
nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags);
- printf("%s\n", buf);
+ printf("%s", buf);
+ if (output_mask & _O_LAB)
+ print_labels(nfct_get_attr(ct, ATTR_CONNLABELS));
+ printf("\n");
counter++;
return NFCT_CB_CONTINUE;
@@ -1879,6 +1897,17 @@ int main(int argc, char *argv[])
case 'o':
options |= CT_OPT_OUTPUT;
parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
+ if (output_mask & _O_LAB) {
+ if (output_mask & _O_XML) {
+ output_mask &= ~_O_LAB;
+ break;
+ }
+ label_map = nfct_labelmap_new(NULL);
+ if (!label_map) {
+ perror("nfct_labelmap_new");
+ output_mask &= ~_O_LAB;
+ }
+ }
break;
case 'z':
options |= CT_OPT_ZERO;
@@ -2372,6 +2401,8 @@ try_proc:
free_tmpl_objects();
free_options();
+ if (label_map)
+ nfct_labelmap_destroy(label_map);
if (command && exit_msg[cmd][0]) {
fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION);
--
1.8.1.5
next prev parent reply other threads:[~2013-06-30 21:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-30 21:10 [PATCH conntracktools] conntrackd: support replication of connlabels Florian Westphal
2013-06-30 21:10 ` Florian Westphal [this message]
2013-06-30 21:39 ` [PATCH 2/2] conntrack: add connlabel format attribute Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1372626648-19482-2-git-send-email-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).