From patchwork Wed Mar 14 01:39:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: nozzy123nozzy@gmail.com X-Patchwork-Id: 885562 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="XjyGPA7r"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 401Dtm6t4Vz9sV4 for ; Wed, 14 Mar 2018 12:40:16 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932763AbeCNBkP (ORCPT ); Tue, 13 Mar 2018 21:40:15 -0400 Received: from mail-pl0-f67.google.com ([209.85.160.67]:36661 "EHLO mail-pl0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932636AbeCNBkO (ORCPT ); Tue, 13 Mar 2018 21:40:14 -0400 Received: by mail-pl0-f67.google.com with SMTP id 61-v6so879294plf.3 for ; Tue, 13 Mar 2018 18:40:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:subject:from:to:date:mime-version :content-transfer-encoding; bh=I+XfhH5HHhqk/6/K6rQG52WE+qtB4029RN0X7o8WI2k=; b=XjyGPA7rYVYPXVo6jKYUsTrwKjLdqKmniI4VlzWz1QxQklZka4+mK5T4HV89EVtupU zQ/TNmpTM/dhZwlmIXBz8qwosw6k71mO4yY5NFj0aGAcu4v6z58fELmX4XEWaAwtXKIj 5WcxrEvs4/MvZdpeFmQvmhZ62yanH3OvMNt4jD0vu3ILo5srTLWwSPfxRpA6AhA5lVc9 S6gRyU1ImSwmyo81TOA3Ikh/ju3I7ilpnpJ2y8edi2r4ywnzzNNXYCWai7lnXjpG7x/i 4zo97xRB7xeEtIRvqrCrjpj4y+U9qK7f8uC8ReLN22AM6soNcEMXK3VkI3k1IQiKhjbm BW4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:date:mime-version :content-transfer-encoding; bh=I+XfhH5HHhqk/6/K6rQG52WE+qtB4029RN0X7o8WI2k=; b=MbuRlRH/wv7TBs+q0QAa2zN6o6XzkII7hauQCyhSmib+2Pn4fddTBtEVjTC5C7hUu2 KaKRS3qbZvv2lVaMaKom22jGlNAulJE3s9cmZ4Hle/BJvFfMmi/6VZTL9j3Ek55R52pN 6UUWEnCPYchiBP0/Mvk7hpx5kcyAG4HgjschBfLxkWguLwcskBVa/WtBs3T7epT1uyGY BsNbXctqDvn+kfuMgOTQPD11PBzQAHBOfPk1dewgvHlE/psc4JQvo2T/nSrtlBhQhuk7 XFLRBa/AfXNuJpNzLBnWC2jL5GEZqErDbygt4MGNSH18NCkc1XmVU3r8qV6QkRBG/EoK QptA== X-Gm-Message-State: AElRT7Feo15qy7V7rCjFX7sC7uS2ehpA978yAoohkpGKTs0Z8ju+mihn FJuY0HyVtcygSfDdfwtgpV7e6Om2 X-Google-Smtp-Source: AG47ELvhWLy6GapdIkfebbFpbEaLqwxWY9YiyA49uJ8CxBUGGntfiuXBzCSFto0uAjyIRXADTp+lpA== X-Received: by 2002:a17:902:7291:: with SMTP id d17-v6mr953138pll.65.1520991614112; Tue, 13 Mar 2018 18:40:14 -0700 (PDT) Received: from mo49-101-156-55.air.mopera.net (mo49-101-156-55.air.mopera.net. [49.101.156.55]) by smtp.gmail.com with ESMTPSA id o86sm2692998pfi.87.2018.03.13.18.40.10 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 13 Mar 2018 18:40:13 -0700 (PDT) Message-ID: <1520991597.17526.14.camel@gmail.com> Subject: nftables patch proposal: debug_mask propagate through cache_update() just as it is. From: nozzy123nozzy@gmail.com To: netfilter-devel@vger.kernel.org Date: Wed, 14 Mar 2018 10:39:57 +0900 X-Mailer: Evolution 3.26.5-1 Mime-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Hi nft developers, I would like to propose this patch to netfilter. This patch aims that all the "--debug" levels of nft are treated as it is in cache_update(). Currently, nft seems to omit any debug level except for "netlink" level through cache_update(). It is not convenient to check all packets also generated by cache_update(). Example: "nft --debug mnl list ruleset" doesn't show any debug information. With this patch, nft can show mnl debug information.It is convenient for debug. (at least convenient to me.) How about this patch? I'm glad if you accept this patch. Thank you in advance, Takahide Nojima. -----------------patch is here---------------------------- From fbdf4d73328580031e1e68b6a163f640330253b9 Mon Sep 17 00:00:00 2001 From: Takahide Nojima Date: Sat, 10 Mar 2018 15:36:30 +0900 Subject: debug_mask parameter pass through to cache_update() Signed-off-by: Takahide Nojima --- include/rule.h | 2 +- src/evaluate.c | 22 +++++++++++----------- src/netlink.c | 2 +- src/rule.c | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) { uint16_t genid; @@ -156,7 +156,7 @@ int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, .nf_sock = nf_sock, .cache = cache, .msgs = msgs, - .debug_mask = debug ? NFT_DEBUG_NETLINK : 0, + .debug_mask = debug_mask, .octx = octx, }; diff --git a/include/rule.h b/include/rule.h index 86f7281..769c54c 100644 --- a/include/rule.h +++ b/include/rule.h @@ -552,7 +552,7 @@ struct netlink_ctx; extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd); extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, bool debug, + enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_mask, struct output_ctx *octx); extern void cache_flush(struct list_head *table_list); extern void cache_release(struct nft_cache *cache); diff --git a/src/evaluate.c b/src/evaluate.c index a2c1c72..097d0a1 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -184,7 +184,7 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr) break; case SYMBOL_SET: ret = cache_update(ctx->nf_sock, ctx->cache, ctx->cmd- >op, - ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + ctx->msgs, ctx->debug_mask, ctx- >octx); if (ret < 0) return ret; @@ -3076,14 +3076,14 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_SETELEM: ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, - ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + ctx->msgs, ctx->debug_mask, ctx- >octx); if (ret < 0) return ret; return setelem_evaluate(ctx, &cmd->expr); case CMD_OBJ_SET: ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, - ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + ctx->msgs, ctx->debug_mask, ctx- >octx); if (ret < 0) return ret; @@ -3094,7 +3094,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) return rule_evaluate(ctx, cmd->rule); case CMD_OBJ_CHAIN: ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, - ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + ctx->msgs, ctx->debug_mask, ctx- >octx); if (ret < 0) return ret; @@ -3126,7 +3126,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_SETELEM: ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, - ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + ctx->msgs, ctx->debug_mask, ctx- >octx); if (ret < 0) return ret; @@ -3153,7 +3153,7 @@ static int cmd_evaluate_get(struct eval_ctx *ctx, struct cmd *cmd) int ret; ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx- >msgs, - ctx->debug_mask & NFT_DEBUG_NETLINK, ctx- >octx); + ctx->debug_mask, ctx->octx); if (ret < 0) return ret; @@ -3199,7 +3199,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd) int ret; ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx- >msgs, - ctx->debug_mask & NFT_DEBUG_NETLINK, ctx- >octx); + ctx->debug_mask, ctx->octx); if (ret < 0) return ret; @@ -3287,7 +3287,7 @@ static int cmd_evaluate_reset(struct eval_ctx *ctx, struct cmd *cmd) int ret; ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx- >msgs, - ctx->debug_mask & NFT_DEBUG_NETLINK, ctx- >octx); + ctx->debug_mask, ctx->octx); if (ret < 0) return ret; @@ -3373,7 +3373,7 @@ static int cmd_evaluate_rename(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_CHAIN: ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, - ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + ctx->msgs, ctx->debug_mask, ctx- >octx); if (ret < 0) return ret; @@ -3471,7 +3471,7 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd) int ret; ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx- >msgs, - ctx->debug_mask & NFT_DEBUG_NETLINK, ctx- >octx); + ctx->debug_mask, ctx->octx); if (ret < 0) return ret; @@ -3496,7 +3496,7 @@ static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd) return cmd_error(ctx, "this output type is not supported"); return cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx- >msgs, - ctx->debug_mask & NFT_DEBUG_NETLINK, ctx- >octx); + ctx->debug_mask, ctx->octx); } static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd) diff --git a/src/netlink.c b/src/netlink.c index bfa3050..b133bcc 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -482,7 +482,7 @@ int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct handle *h, if (ctx->octx->echo) { err = cache_update(ctx->nf_sock, ctx->cache, CMD_INVALID, ctx->msgs, - ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + ctx->debug_mask, ctx->octx); if (err < 0) return err; diff --git a/src/rule.c b/src/rule.c index c5bf659..75e5041 100644 --- a/src/rule.c +++ b/src/rule.c @@ -146,7 +146,7 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd) } int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, bool debug, + enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_mask, struct output_ctx *octx)