author Pablo Neira Ayuso <> 2018-08-24 11:04:30 +0200
committer Pablo Neira Ayuso <> 2018-08-24 12:25:33 +0200
commit 9e45a28ca467f08b9c01baf73d1849055e53ea0b (patch)
tree 1eb0c76d643e66383230428aac3054d6310d15c2 /src/json.c
parent cebbd9678b7ee6f74b3bd4eefc23de5b27135799 (diff)
src: honor /etc/services
This partial patch reverts:

  ccc5da470e76 ("datatype: Replace getnameinfo() by internal lookup table")
  f0f99006d34b ("datatype: Replace getaddrinfo() by internal lookup table")

so /etc/services is used to interpret service names, e.g.

  # nft add rule x y tcp dport \"ssh\"

Then, listing looks like:

  # nft list ruleset -l
  table x {
          chain y {
                  ...
                  tcp dport "ssh"
          }
  }

Major changes with regards to the original approach are:

1) Services are displayed in text via `-l' option.
2) Services are user-defined, just like mappings in /etc/iproute2/* files
   and connlabel.conf, so they are displayed enclosed in quotes.

Note that original service name code was broken since it parses both udp
and tcp service names but it only displays tcp service names as
literal. This is because NI_DGRAM is missing. This patch makes nft fall
back on udp services if no literal was found in the initial tcp service
name query. Proper way to handle would be to add infrastructure to store
protocol context information in struct output_ctx.

Signed-off-by: Pablo Neira Ayuso <>
diff --git a/src/json.c b/src/json.c
index 8a3e15e6..b70a53f2 100644
--- a/src/json.c
+++ b/src/json.c
@@ -864,7 +864,7 @@ json_t *inet_service_type_json(const struct expr *expr, struct output_ctx *octx)
if (octx->numeric >= NFT_NUMERIC_PORT)
return integer_type_json(expr, octx);
- return symbolic_constant_json(&inet_service_tbl, expr, octx);
+ return inet_service_type_print(expr, octx);
json_t *mark_type_json(const struct expr *expr, struct output_ctx *octx)
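Review bot: inet_service_type_json() is declared to return json_t *, but the new return statement hands back the result of inet_service_type_print(expr, octx), whose name indicates a text printer rather than a JSON constructor. Its declaration is not visible in this hunk, so please confirm it actually returns a json_t *; if it writes to octx and returns void, this path either fails to build with JSON support enabled or pushes the service name into the text stream instead of the JSON tree. A JSON-side helper that performs the same /etc/services lookup (including the tcp-then-udp fallback the commit message describes) and returns a JSON string would keep this branch parallel to the integer_type_json() call just above it.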