[PATCH nft] src: netlink: Subscribe nft monitor and nft monitor trace to respective groups.

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft] src: netlink: Subscribe nft monitor and nft monitor trace to respective groups.
@ 2017-07-25  5:25 Varsha Rao
  2017-07-25 16:06 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Varsha Rao @ 2017-07-25  5:25 UTC (permalink / raw)
  To: pablo, netfilter-devel

Subscribe nft monitor only to NFNLGRP_NFTABLES and nft monitor trace
only to NFNLGRP_NFTRACE. In netlink_monitor() depending on the command
call setsockopt() once.

Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
 src/netlink.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/netlink.c b/src/netlink.c
index 9cef4c4..ccc13eb 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -3080,14 +3080,11 @@ int netlink_monitor(struct netlink_mon_handler *monhandler,
 {
 	int group;

-	group = NFNLGRP_NFTABLES;
-	if (mnl_socket_setsockopt(nf_sock, NETLINK_ADD_MEMBERSHIP, &group,
-				  sizeof(int)) < 0)
-		return netlink_io_error(monhandler->ctx, monhandler->loc,
-					"Could not bind to netlink socket %s",
-					strerror(errno));
+	if (monhandler->monitor_flags == (unsigned int)-1)
+		group = NFNLGRP_NFTABLES;
+	else
+		group = NFNLGRP_NFTRACE;

-	group = NFNLGRP_NFTRACE;
 	if (mnl_socket_setsockopt(nf_sock, NETLINK_ADD_MEMBERSHIP, &group,
 				  sizeof(int)) < 0)
 		return netlink_io_error(monhandler->ctx, monhandler->loc,
-- 
2.9.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH nft] src: netlink: Subscribe nft monitor and nft monitor trace to respective groups.
  2017-07-25  5:25 [PATCH nft] src: netlink: Subscribe nft monitor and nft monitor trace to respective groups Varsha Rao
@ 2017-07-25 16:06 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2017-07-25 16:06 UTC (permalink / raw)
  To: Varsha Rao; +Cc: netfilter-devel

Hi Varsha,

On Tue, Jul 25, 2017 at 10:55:00AM +0530, Varsha Rao wrote:
> Subscribe nft monitor only to NFNLGRP_NFTABLES and nft monitor trace
> only to NFNLGRP_NFTRACE. In netlink_monitor() depending on the command
> call setsockopt() once.

Could you enhance this patch in a way that things work like the
following:

#1 nft monitor

This prints all events, both nftrace and nftables.

#2 nft monitor trace

This prints only trace events.

#3 nft monitor ruleset

This prints only ruleset events.

for #3, you have to extend the bison parser I think, it should be not
too complicated.

>+       if (monhandler->monitor_flags == (unsigned int)-1)

I think there must be a way to make this more readable, as well as
make it work in the way I propose above.

Thanks!

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2017-07-25 16:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-07-25  5:25 [PATCH nft] src: netlink: Subscribe nft monitor and nft monitor trace to respective groups Varsha Rao
2017-07-25 16:06 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).