authorPablo Neira Ayuso <pablo@netfilter.org>2018-10-24 17:37:47 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-10-29 15:07:34 +0100
commita42d2865bc7e96fe63276e22acd523d996aaf0a4 (patch)
treeb0779465bba8cf7562628ae884278fed73963362 /include
parentf27fc14cbd3097e98c4d3549ff93c9284134b866 (diff)
src: Revert --literal, add -S/--service
This is a partial revert of b0f6a45b25dd1 ("src: add --literal option") which was added during the development cycle before 0.9.1 is released. After looking at patch: https://patchwork.ozlabs.org/patch/969864/ that allows printing priority, uid, gid and protocols as numerics, I decided to revisit this to provide individual options to turn on literal printing. What I'm proposing is to provide a good default for everyone, and provide options to turn on literal/numeric printing. This patch adds nft_ctx_output_{set,get}_flags() and defines two flags to enable reverse DNS lookups and to print ports as service names. This patch introduces -S/--services, to print service names as per /etc/services. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/nftables.h12
-rw-r--r--include/nftables/libnftables.h17
2 files changed, 20 insertions, 9 deletions
diff --git a/include/nftables.h b/include/nftables.h
index 1009e266..86b44f17 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -16,9 +16,9 @@ struct cookie {
};
struct output_ctx {
+ unsigned int flags;
unsigned int numeric;
unsigned int stateless;
- unsigned int literal;
unsigned int handle;
unsigned int echo;
unsigned int json;
@@ -32,6 +32,16 @@ struct output_ctx {
};
};
+static inline bool nft_output_reversedns(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_REVERSEDNS;
+}
+
+static inline bool nft_output_service(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_SERVICE;
+}
+
struct nft_cache {
uint16_t genid;
struct list_head list;
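Review bot: Both new helpers return the masked `unsigned int` directly as `bool`, which is only correct while `bool` is the C99 `_Bool` type; writing `return (octx->flags & NFT_CTX_OUTPUT_REVERSEDNS) != 0;` (and the same for `nft_output_service()`) makes the intent explicit and keeps working if the return type ever changes. The helpers also make this header depend on the `NFT_CTX_OUTPUT_*` constants declared in `include/nftables/libnftables.h`; whether that header and `<stdbool.h>` are included here is not visible in the hunk and is worth confirming. A short comment above `nft_output_reversedns()`, for example `/* true when addresses are printed as host names, which triggers reverse DNS lookups */`, would help readers of the printing code.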
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index dee099f2..321441b0 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -33,12 +33,6 @@ enum nft_numeric_level {
NFT_NUMERIC_ALL,
};
-enum nft_literal_level {
- NFT_LITERAL_NONE,
- NFT_LITERAL_PORT,
- NFT_LITERAL_ADDR,
-};
-
/**
* Possible flags to pass to nft_ctx_new()
*/
@@ -49,12 +43,19 @@ void nft_ctx_free(struct nft_ctx *ctx);
bool nft_ctx_get_dry_run(struct nft_ctx *ctx);
void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry);
+
+enum {
+ NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0),
+ NFT_CTX_OUTPUT_SERVICE = (1 << 1),
+};
+
+unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
+void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags);
+
enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
bool nft_ctx_output_get_stateless(struct nft_ctx *ctx);
void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val);
-enum nft_literal_level nft_ctx_output_get_literal(struct nft_ctx *ctx);
-void nft_ctx_output_set_literal(struct nft_ctx *ctx, enum nft_literal_level val);
unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
bool nft_ctx_output_get_handle(struct nft_ctx *ctx);
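Review bot: The anonymous flag enum and `nft_ctx_output_{get,set}_flags()` enter the public header with no documentation, while the `nft_ctx_new()` flags a few lines above carry a doc comment. I would add a doc comment on the enum describing each bit. Going by the commit description, `NFT_CTX_OUTPUT_REVERSEDNS` makes listing perform reverse DNS lookups, so the printed names come from PTR records outside the caller's control, the listing can stall on a slow resolver, and the addresses in the ruleset are disclosed to that resolver. Callers that log, diff or reload the output should leave the flag off. The comment on `nft_ctx_output_set_flags()` should also say whether the call replaces the whole mask and what happens to bits that are not defined; the implementation is not part of this diff, so that needs confirming there. As a minor point, `(1U << 0)` and `(1U << 1)` would match the `unsigned int` type the flags are stored in.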