diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-03 17:24:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-07 20:53:11 +0200 |
commit | b0f6a45b25dd1b8e4ab0e3b2dd2a00d918ae29c0 (patch) | |
tree | d2d457d0b8384aee1f7a6d176c21ec9cf8814db6 /src/datatype.c | |
parent | 1dc9be8445265498a2db534ae254260b6e7dd75b (diff) |
src: add --literal option
Default not to print the service name as we discussed during the NFWS.
# nft list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1.1.1.1
}
}
# nft -l list ruleset
table ip x {
chain y {
tcp dport ssh
ip saddr 1.1.1.1
}
}
# nft -ll list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1dot1dot1dot1.cloudflare-dns.com
}
}
Then, -ll displays FQDN. just like the (now deprecated) --ip2name (-N)
option.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/datatype.c')
-rw-r--r-- | src/datatype.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/datatype.c b/src/datatype.c index 20904453..fbc3ac35 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -454,7 +454,7 @@ static void ipaddr_type_print(const struct expr *expr, struct output_ctx *octx) sin.sin_addr.s_addr = mpz_get_be32(expr->value); err = getnameinfo((struct sockaddr *)&sin, sizeof(sin), buf, sizeof(buf), NULL, 0, - octx->ip2name ? 0 : NI_NUMERICHOST); + octx->literal >= NFT_LITERAL_ADDR ? 0 : NI_NUMERICHOST); if (err != 0) { getnameinfo((struct sockaddr *)&sin, sizeof(sin), buf, sizeof(buf), NULL, 0, NI_NUMERICHOST); @@ -512,7 +512,7 @@ static void ip6addr_type_print(const struct expr *expr, struct output_ctx *octx) err = getnameinfo((struct sockaddr *)&sin6, sizeof(sin6), buf, sizeof(buf), NULL, 0, - octx->ip2name ? 0 : NI_NUMERICHOST); + octx->literal >= NFT_LITERAL_ADDR ? 0 : NI_NUMERICHOST); if (err != 0) { getnameinfo((struct sockaddr *)&sin6, sizeof(sin6), buf, sizeof(buf), NULL, 0, NI_NUMERICHOST); @@ -617,11 +617,11 @@ const struct datatype inet_protocol_type = { static void inet_service_type_print(const struct expr *expr, struct output_ctx *octx) { - if (octx->numeric >= NFT_NUMERIC_PORT) { - integer_type_print(expr, octx); + if (octx->literal == NFT_LITERAL_PORT) { + symbolic_constant_print(&inet_service_tbl, expr, false, octx); return; } - symbolic_constant_print(&inet_service_tbl, expr, false, octx); + integer_type_print(expr, octx); } static struct error_record *inet_service_type_parse(const struct expr *sym, |