author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-03 17:24:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-07 20:53:11 +0200 |
commit | b0f6a45b25dd1b8e4ab0e3b2dd2a00d918ae29c0 (patch) | |
tree | d2d457d0b8384aee1f7a6d176c21ec9cf8814db6 /src/main.c | |
parent | 1dc9be8445265498a2db534ae254260b6e7dd75b (diff) |
src: add --literal option
Default not to print the service name as we discussed during the NFWS.
# nft list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1.1.1.1
}
}
# nft -l list ruleset
table ip x {
chain y {
tcp dport ssh
ip saddr 1.1.1.1
}
}
# nft -ll list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1dot1dot1dot1.cloudflare-dns.com
}
}
Then, -ll displays FQDN, just like the (now deprecated) --ip2name (-N)
option.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/main.c')
-rw-r--r-- | src/main.c | 25 |
1 files changed, 23 insertions, 2 deletions
@@ -35,13 +35,14 @@ enum opt_vals {
 OPT_NUMERIC = 'n',
 OPT_STATELESS = 's',
 OPT_IP2NAME = 'N',
+ OPT_LITERAL = 'l',
 OPT_DEBUG = 'd',
 OPT_HANDLE_OUTPUT = 'a',
 OPT_ECHO = 'e',
 OPT_INVALID = '?',
 };
-#define OPTSTRING "hvcf:iI:jvnsNae"
+#define OPTSTRING "hvcf:iI:jvnsNael"
 static const struct option options[] = {
 {
@@ -78,6 +79,10 @@ static const struct option options[] = {
 .val = OPT_IP2NAME,
 },
 {
+ .name = "literal",
+ .val = OPT_LITERAL,
+ },
+ {
 .name = "includepath",
 .val = OPT_INCLUDEPATH,
 .has_arg = 1,
@@ -173,6 +178,7 @@ int main(int argc, char * const *argv)
 {
 char *buf = NULL, *filename = NULL;
 enum nft_numeric_level numeric;
+ enum nft_literal_level literal;
 bool interactive = false;
 unsigned int debug_mask;
 unsigned int len;
@@ -224,7 +230,22 @@ int main(int argc, char * const *argv)
 nft_ctx_output_set_stateless(nft, true);
 break;
 case OPT_IP2NAME:
- nft_ctx_output_set_ip2name(nft, true);
+ literal = nft_ctx_output_get_literal(nft);
+ if (literal + 2 > NFT_LITERAL_ADDR) {
+ fprintf(stderr, "Cannot combine `-N' with `-l'\n");
+ exit(EXIT_FAILURE);
+ }
+ nft_ctx_output_set_literal(nft, literal + 2);
+ break;
+ case OPT_LITERAL:
+ literal = nft_ctx_output_get_literal(nft);
+ if (literal + 1 > NFT_LITERAL_ADDR) {
+ fprintf(stderr, "Too many `-l' options or "
+ "perhaps you combined `-l' "
+ "with `-N'?\n");
+ exit(EXIT_FAILURE);
+ }
+ nft_ctx_output_set_literal(nft, literal + 1);
 break;
 case OPT_DEBUG:
 debug_mask = nft_ctx_output_get_debug(nft); |
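Review bot: The new `.name = "literal"` entry in `options[]` has no matching usage text in this file. The diffstat's 23 insertions are all accounted for by the four hunks shown, so any help output printed from src/main.c (not visible here) still omits `-l` and does not mark `-N` as deprecated. The help line should also say what the second level does: per the commit message example, `-ll` replaces an address with a name taken from a reverse lookup. A listing produced that way depends on resolver answers and is not the numeric rule that was loaded, which matters to anyone who audits or re-imports the output. A comment on the entry such as `/* repeatable: -l service names, -ll reverse-resolved host names */` would cover the source side.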
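Review bot: In the `case OPT_IP2NAME:` branch a repeated `-N` now fails the `literal + 2 > NFT_LITERAL_ADDR` check and exits with the "Cannot combine" message although no `-l` was given. The removed `nft_ctx_output_set_ip2name(nft, true)` call could be repeated harmlessly, so existing command lines can break. A guard before the range check, `if (literal == NFT_LITERAL_ADDR) break;`, would keep `-N -N` (and `-ll -N`) working. Both branches also rely on `literal + 1` and `literal + 2` landing exactly on enumerators of `enum nft_literal_level`, which is defined outside this diff and is presumably consecutive from zero; a short comment stating that would make the dependency explicit. The switch and the rest of main() continue outside the hunk.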