From 801ef12e89e063908c5a4d38ae30a612144b7bf6 Mon Sep 17 00:00:00 2001
From: Robb Manes <rmanes@redhat.com>
Date: Fri, 24 Mar 2017 12:11:53 -0400
Subject: [networking] collect nftables rules and files

This patch adds to the networking plugin the command:

        $ nft list rulesets

Which will provide all currently loaded nftables rulesets.  In addition,
it collects static nftables configuration.

Signed-off-by: Robb Manes <rmanes@redhat.com>
---
 sos/plugins/networking.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/sos/plugins/networking.py b/sos/plugins/networking.py
index 9d8aac66..5a771062 100644
--- a/sos/plugins/networking.py
+++ b/sos/plugins/networking.py
@@ -112,6 +112,13 @@ class Networking(Plugin):
             cmd = "ip6tables -t "+tablename+" -nvL"
             self.add_cmd_output(cmd)
 
+    def collect_nftables(self):
+        """ Collects nftables rulesets with 'nft' commands if the modules
+        are present """
+
+        if self.check_ext_prog("grep -q nf_tables /proc/modules"):
+            self.add_cmd_output("nft list ruleset")
+
     def setup(self):
         super(Networking, self).setup()
         self.add_copy_spec([
@@ -126,6 +133,9 @@ class Networking(Plugin):
             "/etc/network*",
             "/etc/NetworkManager/NetworkManager.conf",
             "/etc/NetworkManager/system-connections",
+            "/etc/nftables",
+            "/etc/sysconfig/nftables.conf",
+            "/etc/nftables.conf",
             "/etc/dnsmasq*",
             "/sys/class/net/*/flags",
             "/etc/iproute2"
@@ -149,6 +159,8 @@ class Networking(Plugin):
         self.collect_ip6table("nat")
         self.collect_ip6table("mangle")
 
+        self.collect_nftables()
+
         self.add_cmd_output("netstat %s -neopa" % self.ns_wide,
                             root_symlink="netstat")
 
-- 
cgit