summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/libnftables.adoc21
-rw-r--r--doc/nft.txt4
-rw-r--r--include/nftables.h5
-rw-r--r--include/nftables/libnftables.h1
-rw-r--r--src/main.c11
-rw-r--r--src/rule.c3
6 files changed, 34 insertions, 11 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index ea9626af..8ce1196f 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -80,16 +80,17 @@ The flags setting controls the output format.
----
enum {
- NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0),
- NFT_CTX_OUTPUT_SERVICE = (1 << 1),
- NFT_CTX_OUTPUT_STATELESS = (1 << 2),
- NFT_CTX_OUTPUT_HANDLE = (1 << 3),
- NFT_CTX_OUTPUT_JSON = (1 << 4),
- NFT_CTX_OUTPUT_ECHO = (1 << 5),
- NFT_CTX_OUTPUT_GUID = (1 << 6),
- NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
- NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
+ NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0),
+ NFT_CTX_OUTPUT_SERVICE = (1 << 1),
+ NFT_CTX_OUTPUT_STATELESS = (1 << 2),
+ NFT_CTX_OUTPUT_HANDLE = (1 << 3),
+ NFT_CTX_OUTPUT_JSON = (1 << 4),
+ NFT_CTX_OUTPUT_ECHO = (1 << 5),
+ NFT_CTX_OUTPUT_GUID = (1 << 6),
+ NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
+ NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
NFT_CTX_OUTPUT_NUMERIC_SYMBOL = (1 << 9),
+ NFT_CTX_OUTPUT_TERSE = (1 << 11),
};
----
@@ -123,6 +124,8 @@ NFT_CTX_OUTPUT_NUMERIC_SYMBOL::
Display expression datatype as numeric value.
NFT_CTX_OUTPUT_NUMERIC_ALL::
Display all numerically.
+NFT_CTX_OUTPUT_TERSE::
+ If terse output has been requested, then the contents of sets are not printed.
The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
diff --git a/doc/nft.txt b/doc/nft.txt
index 616640a8..2c790099 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -97,6 +97,10 @@ For a full summary of options, run *nft --help*.
*--numeric-time*::
Show time, day and hour values in numeric format.
+*-t*::
+*--terse*::
+ Omit contents of sets from output.
+
INPUT FILE FORMATS
------------------
LEXICAL CONVENTIONS
diff --git a/include/nftables.h b/include/nftables.h
index 1ecf5ef5..21553c6b 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -90,6 +90,11 @@ static inline bool nft_output_numeric_symbol(const struct output_ctx *octx)
return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
}
+static inline bool nft_output_terse(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_TERSE;
+}
+
struct nft_cache {
uint32_t genid;
struct list_head list;
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 7a7a46f3..765b20dd 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -56,6 +56,7 @@ enum {
NFT_CTX_OUTPUT_NUMERIC_ALL = (NFT_CTX_OUTPUT_NUMERIC_PROTO |
NFT_CTX_OUTPUT_NUMERIC_PRIO |
NFT_CTX_OUTPUT_NUMERIC_SYMBOL),
+ NFT_CTX_OUTPUT_TERSE = (1 << 11),
};
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
diff --git a/src/main.c b/src/main.c
index 238c5e0b..ebd6d7c3 100644
--- a/src/main.c
+++ b/src/main.c
@@ -43,9 +43,10 @@ enum opt_vals {
OPT_NUMERIC_PRIO = 'y',
OPT_NUMERIC_PROTO = 'p',
OPT_NUMERIC_TIME = 'T',
+ OPT_TERSE = 't',
OPT_INVALID = '?',
};
-#define OPTSTRING "+hvcf:iI:jvnsNaeSupypT"
+#define OPTSTRING "+hvcf:iI:jvnsNaeSupypTt"
static const struct option options[] = {
{
@@ -120,6 +121,10 @@ static const struct option options[] = {
.val = OPT_NUMERIC_TIME,
},
{
+ .name = "terse",
+ .val = OPT_TERSE,
+ },
+ {
.name = NULL
}
};
@@ -140,6 +145,7 @@ static void show_help(const char *name)
" -j, --json Format output in JSON\n"
" -n, --numeric Print fully numerical output.\n"
" -s, --stateless Omit stateful information of ruleset.\n"
+" -t, --terse Omit contents of sets.\n"
" -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
" -N Translate IP addresses to names.\n"
" -S, --service Translate ports to service names as described in /etc/services.\n"
@@ -301,6 +307,9 @@ int main(int argc, char * const *argv)
case OPT_NUMERIC_TIME:
output_flags |= NFT_CTX_OUTPUT_NUMERIC_TIME;
break;
+ case OPT_TERSE:
+ output_flags |= NFT_CTX_OUTPUT_TERSE;
+ break;
case OPT_INVALID:
exit(EXIT_FAILURE);
}
diff --git a/src/rule.c b/src/rule.c
index 55894cbd..64756bce 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -538,7 +538,8 @@ static void do_set_print(const struct set *set, struct print_fmt_options *opts,
{
set_print_declaration(set, opts, octx);
- if (set->flags & NFT_SET_EVAL && nft_output_stateless(octx)) {
+ if ((set->flags & NFT_SET_EVAL && nft_output_stateless(octx)) ||
+ nft_output_terse(octx)) {
nft_print(octx, "%s}%s", opts->tab, opts->nl);
return;
}