src: handle rule tracing as an monitor object

Traces are not an event type, they should be handled as an object.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index e22002724f90501e23ab99bbc219d6ab73efb96e..a0edda2fec83b6509c485cb1fa8f1bbd06ff3753 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -397,6 +397,7 @@ enum {
        CMD_MONITOR_OBJ_SETS,
        CMD_MONITOR_OBJ_ELEMS,
        CMD_MONITOR_OBJ_RULESET,
+       CMD_MONITOR_OBJ_TRACE,
        CMD_MONITOR_OBJ_MAX
 };
 

diff --git a/src/evaluate.c b/src/evaluate.c
index 959e8542dfff7bd91246a99075478f59b04c2379..d24526fef2954810de1f4e1829de5b6b67ddf659 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3218,7 +3218,6 @@ enum {
        CMD_MONITOR_EVENT_ANY,
        CMD_MONITOR_EVENT_NEW,
        CMD_MONITOR_EVENT_DEL,
-       CMD_MONITOR_EVENT_TRACE,
        CMD_MONITOR_EVENT_MAX
 };
 
@@ -3247,6 +3246,7 @@ static uint32_t monitor_flags[CMD_MONITOR_EVENT_MAX][CMD_MONITOR_OBJ_MAX] = {
                                                  (1 << NFT_MSG_DELSETELEM) |
                                                  (1 << NFT_MSG_NEWOBJ)   |
                                                  (1 << NFT_MSG_DELOBJ),
+               [CMD_MONITOR_OBJ_TRACE]         = (1 << NFT_MSG_TRACE),
        },
        [CMD_MONITOR_EVENT_NEW] = {
                [CMD_MONITOR_OBJ_ANY]           = (1 << NFT_MSG_NEWTABLE) |
@@ -3264,7 +3264,8 @@ static uint32_t monitor_flags[CMD_MONITOR_EVENT_MAX][CMD_MONITOR_OBJ_MAX] = {
                                                  (1 << NFT_MSG_NEWRULE)  |
                                                  (1 << NFT_MSG_NEWSET)   |
                                                  (1 << NFT_MSG_NEWSETELEM) |
-                                                 (1 << NFT_MSG_NEWOBJ)
+                                                 (1 << NFT_MSG_NEWOBJ),
+               [CMD_MONITOR_OBJ_TRACE]         = 0,
        },
        [CMD_MONITOR_EVENT_DEL] = {
                [CMD_MONITOR_OBJ_ANY]           = (1 << NFT_MSG_DELTABLE) |
@@ -3283,29 +3284,7 @@ static uint32_t monitor_flags[CMD_MONITOR_EVENT_MAX][CMD_MONITOR_OBJ_MAX] = {
                                                  (1 << NFT_MSG_DELSET)   |
                                                  (1 << NFT_MSG_DELSETELEM) |
                                                  (1 << NFT_MSG_DELOBJ),
-       },
-       [CMD_MONITOR_EVENT_TRACE] = {
-               [CMD_MONITOR_OBJ_ANY]           = (1 << NFT_MSG_NEWTABLE) |
-                                                 (1 << NFT_MSG_NEWCHAIN) |
-                                                 (1 << NFT_MSG_NEWRULE)  |
-                                                 (1 << NFT_MSG_DELTABLE) |
-                                                 (1 << NFT_MSG_DELCHAIN) |
-                                                 (1 << NFT_MSG_DELRULE)  |
-                                                 (1 << NFT_MSG_TRACE),
-               [CMD_MONITOR_OBJ_TABLES]        = (1 << NFT_MSG_NEWTABLE) |
-                                                 (1 << NFT_MSG_DELTABLE),
-               [CMD_MONITOR_OBJ_CHAINS]        = (1 << NFT_MSG_NEWCHAIN) |
-                                                 (1 << NFT_MSG_DELCHAIN),
-               [CMD_MONITOR_OBJ_RULES]         = (1 << NFT_MSG_NEWRULE) |
-                                                 (1 << NFT_MSG_DELRULE),
-               [CMD_MONITOR_OBJ_RULESET]       = (1 << NFT_MSG_NEWTABLE) |
-                                                 (1 << NFT_MSG_NEWCHAIN) |
-                                                 (1 << NFT_MSG_NEWRULE)  |
-                                                 (1 << NFT_MSG_NEWOBJ)   |
-                                                 (1 << NFT_MSG_DELTABLE) |
-                                                 (1 << NFT_MSG_DELCHAIN) |
-                                                 (1 << NFT_MSG_DELRULE)  |
-                                                 (1 << NFT_MSG_DELOBJ),
+               [CMD_MONITOR_OBJ_TRACE]         = 0,
        },
 };
 
@@ -3324,8 +3303,6 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd)
                event = CMD_MONITOR_EVENT_NEW;
        else if (strcmp(cmd->monitor->event, "destroy") == 0)
                event = CMD_MONITOR_EVENT_DEL;
-       else if (strcmp(cmd->monitor->event, "trace") == 0)
-               event = CMD_MONITOR_EVENT_TRACE;
        else {
                return monitor_error(ctx, cmd->monitor, "invalid event %s",
                                     cmd->monitor->event);

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 86baf23a00c1c91fece903739c4f3ffb1dbadecc..e7bb9097929bd64aba398a486954aacc71fe95e0 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -194,6 +194,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %token MAPS                    "maps"
 %token HANDLE                  "handle"
 %token RULESET                 "ruleset"
+%token TRACE                   "trace"
 
 %token INET                    "inet"
 %token NETDEV                  "netdev"
@@ -1196,6 +1197,7 @@ monitor_object            :       /* empty */     { $$ = CMD_MONITOR_OBJ_ANY; }
                        |       RULES           { $$ = CMD_MONITOR_OBJ_RULES; }
                        |       ELEMENTS        { $$ = CMD_MONITOR_OBJ_ELEMS; }
                        |       RULESET         { $$ = CMD_MONITOR_OBJ_RULESET; }
+                       |       TRACE           { $$ = CMD_MONITOR_OBJ_TRACE; }
                        ;
 
 monitor_format         :       /* empty */     { $$ = NFTNL_OUTPUT_DEFAULT; }

diff --git a/src/scanner.l b/src/scanner.l
index 7d5437f123ce09cecfdc4cc01879354edeec6896..b6ba32d88f4ad9d962ab8b441cf2e21c73fbb0b9 100644 (file)
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -250,6 +250,7 @@ addrstring  ({macaddr}|{ip4addr}|{ip6addr})
 "maps"                 { return MAPS; }
 "handle"               { return HANDLE; }
 "ruleset"              { return RULESET; }
+"trace"                        { return TRACE; }
 
 "accept"               { return ACCEPT; }
 "drop"                 { return DROP; }