[PATCH cttools V3] conntrack: add connlabel format attribute

[PATCH cttools V3] conntrack: add connlabel format attribute

[Florian Westphal]

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 Changes since v2:
  - allow xml output again
  - use new nfct_snprint_labels() function from libnetfilter_conntrack.git

 conntrack.8     |    4 +++-
 src/conntrack.c |   17 +++++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/conntrack.8 b/conntrack.8
index a411fd4..d80a778 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -88,11 +88,13 @@ Show the in-kernel connection tracking system statistics.
 Atomically zero counters after reading them.  This option is only valid in
 combination with the "-L, --dump" command options.
 .TP
-.BI "-o, --output [extended,xml,timestamp,id,ktimestamp] "
+.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels] "
 Display output in a certain format. With the extended output option, this tool
 displays the layer 3 information. With ktimestamp, it displays the in-kernel
 timestamp available since 2.6.38 (you can enable it via echo 1 >
 /proc/sys/net/netfilter/nf_conntrack_timestamp).
+The labels output option tells conntrack to show the names of connection
+tracking labels that might be present.
 .TP
 .BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
 Set the bitmask of events that are to be generated by the in-kernel ctnetlink
diff --git a/src/conntrack.c b/src/conntrack.c
index d4e79de..82a8917 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -488,6 +488,7 @@ static unsigned int addr_valid_flags[ADDR_VALID_FLAGS_MAX] = {
 static LIST_HEAD(proto_list);
 
 static unsigned int options;
+static struct nfct_labelmap *labelmap;
 
 void register_proto(struct ctproto_handler *h)
 {
@@ -731,6 +732,7 @@ enum {
 	_O_TMS	= (1 << 2),
 	_O_ID	= (1 << 3),
 	_O_KTMS	= (1 << 4),
+	_O_CL	= (1 << 5),
 };
 
 enum {
@@ -749,8 +751,8 @@ static struct parse_parameter {
 	  { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
 	{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
 	  { CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
-	{ {"xml", "extended", "timestamp", "id", "ktimestamp"}, 5, 
-	  { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS },
+	{ {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", }, 6, 
+	  { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_CL },
 	},
 };
 
@@ -1150,7 +1152,7 @@ static int event_cb(enum nf_conntrack_msg_type type,
 	if (output_mask & _O_ID)
 		op_flags |= NFCT_OF_ID;
 
-	nfct_snprintf(buf, sizeof(buf), ct, type, op_type, op_flags);
+	nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
 
 	printf("%s\n", buf);
 	fflush(stdout);
@@ -1194,7 +1196,7 @@ static int dump_cb(enum nf_conntrack_msg_type type,
 	if (output_mask & _O_ID)
 		op_flags |= NFCT_OF_ID;
 
-	nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags);
+	nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
 	printf("%s\n", buf);
 
 	counter++;
@@ -1879,6 +1881,11 @@ int main(int argc, char *argv[])
 		case 'o':
 			options |= CT_OPT_OUTPUT;
 			parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
+			if (output_mask & _O_CL) {
+				labelmap = nfct_labelmap_new(NULL);
+				if (!labelmap)
+					perror("nfct_labelmap_new");
+			}
 			break;
 		case 'z':
 			options |= CT_OPT_ZERO;
@@ -2372,6 +2379,8 @@ try_proc:
 
 	free_tmpl_objects();
 	free_options();
+	if (labelmap)
+		nfct_labelmap_destroy(labelmap);
 
 	if (command && exit_msg[cmd][0]) {
 		fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION);
-- 
1.7.8.6

Re: [PATCH cttools V3] conntrack: add connlabel format attribute

[Pablo Neira Ayuso]

On Thu, Jul 04, 2013 at 04:04:39PM +0200, Florian Westphal wrote:
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
>  Changes since v2:
>   - allow xml output again
>   - use new nfct_snprint_labels() function from libnetfilter_conntrack.git

Looks good, thanks Florian.

You can remove a trailing whitespace by @@ -749,8 +751,8 @@ after
labels, not your fault, it was already there, but it's a good chance
to get rid of it.

We need to bump libnetfilter_conntrack dependency.  I'll remember that
for the upcoming release.

>  conntrack.8     |    4 +++-
>  src/conntrack.c |   17 +++++++++++++----
>  2 files changed, 16 insertions(+), 5 deletions(-)
> 
> diff --git a/conntrack.8 b/conntrack.8
> index a411fd4..d80a778 100644
> --- a/conntrack.8
> +++ b/conntrack.8
> @@ -88,11 +88,13 @@ Show the in-kernel connection tracking system statistics.
>  Atomically zero counters after reading them.  This option is only valid in
>  combination with the "-L, --dump" command options.
>  .TP
> -.BI "-o, --output [extended,xml,timestamp,id,ktimestamp] "
> +.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels] "
>  Display output in a certain format. With the extended output option, this tool
>  displays the layer 3 information. With ktimestamp, it displays the in-kernel
>  timestamp available since 2.6.38 (you can enable it via echo 1 >
>  /proc/sys/net/netfilter/nf_conntrack_timestamp).
> +The labels output option tells conntrack to show the names of connection
> +tracking labels that might be present.
>  .TP
>  .BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
>  Set the bitmask of events that are to be generated by the in-kernel ctnetlink
> diff --git a/src/conntrack.c b/src/conntrack.c
> index d4e79de..82a8917 100644
> --- a/src/conntrack.c
> +++ b/src/conntrack.c
> @@ -488,6 +488,7 @@ static unsigned int addr_valid_flags[ADDR_VALID_FLAGS_MAX] = {
>  static LIST_HEAD(proto_list);
>  
>  static unsigned int options;
> +static struct nfct_labelmap *labelmap;
>  
>  void register_proto(struct ctproto_handler *h)
>  {
> @@ -731,6 +732,7 @@ enum {
>  	_O_TMS	= (1 << 2),
>  	_O_ID	= (1 << 3),
>  	_O_KTMS	= (1 << 4),
> +	_O_CL	= (1 << 5),
>  };
>  
>  enum {
> @@ -749,8 +751,8 @@ static struct parse_parameter {
>  	  { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
>  	{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
>  	  { CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
> -	{ {"xml", "extended", "timestamp", "id", "ktimestamp"}, 5, 
> -	  { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS },
> +	{ {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", }, 6, 
> +	  { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_CL },
>  	},
>  };
>  
> @@ -1150,7 +1152,7 @@ static int event_cb(enum nf_conntrack_msg_type type,
>  	if (output_mask & _O_ID)
>  		op_flags |= NFCT_OF_ID;
>  
> -	nfct_snprintf(buf, sizeof(buf), ct, type, op_type, op_flags);
> +	nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
>  
>  	printf("%s\n", buf);
>  	fflush(stdout);
> @@ -1194,7 +1196,7 @@ static int dump_cb(enum nf_conntrack_msg_type type,
>  	if (output_mask & _O_ID)
>  		op_flags |= NFCT_OF_ID;
>  
> -	nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags);
> +	nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
>  	printf("%s\n", buf);
>  
>  	counter++;
> @@ -1879,6 +1881,11 @@ int main(int argc, char *argv[])
>  		case 'o':
>  			options |= CT_OPT_OUTPUT;
>  			parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
> +			if (output_mask & _O_CL) {
> +				labelmap = nfct_labelmap_new(NULL);
> +				if (!labelmap)
> +					perror("nfct_labelmap_new");
> +			}
>  			break;
>  		case 'z':
>  			options |= CT_OPT_ZERO;
> @@ -2372,6 +2379,8 @@ try_proc:
>  
>  	free_tmpl_objects();
>  	free_options();
> +	if (labelmap)
> +		nfct_labelmap_destroy(labelmap);
>  
>  	if (command && exit_msg[cmd][0]) {
>  		fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION);
> -- 
> 1.7.8.6
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html