From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH cttools V3] conntrack: add connlabel format attribute
Date: Fri, 5 Jul 2013 06:57:46 +0200 [thread overview]
Message-ID: <20130705045746.GA3836@localhost> (raw)
In-Reply-To: <1372946679-11352-1-git-send-email-fw@strlen.de>
On Thu, Jul 04, 2013 at 04:04:39PM +0200, Florian Westphal wrote:
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> Changes since v2:
> - allow xml output again
> - use new nfct_snprint_labels() function from libnetfilter_conntrack.git
Looks good, thanks Florian.
You can remove a trailing whitespace by @@ -749,8 +751,8 @@ after
labels, not your fault, it was already there, but it's a good chance
to get rid of it.
We need to bump libnetfilter_conntrack dependency. I'll remember that
for the upcoming release.
> conntrack.8 | 4 +++-
> src/conntrack.c | 17 +++++++++++++----
> 2 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/conntrack.8 b/conntrack.8
> index a411fd4..d80a778 100644
> --- a/conntrack.8
> +++ b/conntrack.8
> @@ -88,11 +88,13 @@ Show the in-kernel connection tracking system statistics.
> Atomically zero counters after reading them. This option is only valid in
> combination with the "-L, --dump" command options.
> .TP
> -.BI "-o, --output [extended,xml,timestamp,id,ktimestamp] "
> +.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels] "
> Display output in a certain format. With the extended output option, this tool
> displays the layer 3 information. With ktimestamp, it displays the in-kernel
> timestamp available since 2.6.38 (you can enable it via echo 1 >
> /proc/sys/net/netfilter/nf_conntrack_timestamp).
> +The labels output option tells conntrack to show the names of connection
> +tracking labels that might be present.
> .TP
> .BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
> Set the bitmask of events that are to be generated by the in-kernel ctnetlink
> diff --git a/src/conntrack.c b/src/conntrack.c
> index d4e79de..82a8917 100644
> --- a/src/conntrack.c
> +++ b/src/conntrack.c
> @@ -488,6 +488,7 @@ static unsigned int addr_valid_flags[ADDR_VALID_FLAGS_MAX] = {
> static LIST_HEAD(proto_list);
>
> static unsigned int options;
> +static struct nfct_labelmap *labelmap;
>
> void register_proto(struct ctproto_handler *h)
> {
> @@ -731,6 +732,7 @@ enum {
> _O_TMS = (1 << 2),
> _O_ID = (1 << 3),
> _O_KTMS = (1 << 4),
> + _O_CL = (1 << 5),
> };
>
> enum {
> @@ -749,8 +751,8 @@ static struct parse_parameter {
> { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
> { {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
> { CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
> - { {"xml", "extended", "timestamp", "id", "ktimestamp"}, 5,
> - { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS },
> + { {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", }, 6,
> + { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_CL },
> },
> };
>
> @@ -1150,7 +1152,7 @@ static int event_cb(enum nf_conntrack_msg_type type,
> if (output_mask & _O_ID)
> op_flags |= NFCT_OF_ID;
>
> - nfct_snprintf(buf, sizeof(buf), ct, type, op_type, op_flags);
> + nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
>
> printf("%s\n", buf);
> fflush(stdout);
> @@ -1194,7 +1196,7 @@ static int dump_cb(enum nf_conntrack_msg_type type,
> if (output_mask & _O_ID)
> op_flags |= NFCT_OF_ID;
>
> - nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags);
> + nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
> printf("%s\n", buf);
>
> counter++;
> @@ -1879,6 +1881,11 @@ int main(int argc, char *argv[])
> case 'o':
> options |= CT_OPT_OUTPUT;
> parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
> + if (output_mask & _O_CL) {
> + labelmap = nfct_labelmap_new(NULL);
> + if (!labelmap)
> + perror("nfct_labelmap_new");
> + }
> break;
> case 'z':
> options |= CT_OPT_ZERO;
> @@ -2372,6 +2379,8 @@ try_proc:
>
> free_tmpl_objects();
> free_options();
> + if (labelmap)
> + nfct_labelmap_destroy(labelmap);
>
> if (command && exit_msg[cmd][0]) {
> fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION);
> --
> 1.7.8.6
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2013-07-05 4:58 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-04 14:04 [PATCH cttools V3] conntrack: add connlabel format attribute Florian Westphal
2013-07-05 4:57 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130705045746.GA3836@localhost \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).