From baa4e0e3fa5ff9ad6e3c97b0347ad23058c545d9 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 29 Oct 2018 14:04:07 +0100 Subject: src: add NFT_CTX_OUTPUT_NUMERIC_PROTO We keep printing layer 4 protocols as literals since we do not use /etc/protocols. This new flag allows us to print it as a number. libnftables internally uses this to print layer 4 protocol as numbers when part of a range. Acked-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- doc/libnftables.adoc | 3 +++ include/nftables.h | 5 +++++ include/nftables/libnftables.h | 1 + src/datatype.c | 2 +- src/expression.c | 1 + src/json.c | 3 ++- 6 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 67d9f261..dc3299f0 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -91,6 +91,7 @@ enum {
 NFT_CTX_OUTPUT_JSON = (1 << 4),
 NFT_CTX_OUTPUT_ECHO = (1 << 5),
 NFT_CTX_OUTPUT_GUID = (1 << 6),
+ NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
 };
 ----
@@ -119,6 +120,8 @@ NFT_CTX_OUTPUT_GUID:: The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'. The *nft_ctx_output_set_flags*() function sets the output flags setting in 'ctx' to the value of 'val'.
+NFT_CTX_OUTPUT_NUMERIC_PROTO::
+ Display layer 4 protocol numerically.
 === nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric() These functions allow control over value representation in library output.
diff --git a/include/nftables.h b/include/nftables.h
index 2dff07fe..d0031e84 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -63,6 +63,11 @@ static inline bool nft_output_guid(const struct output_ctx *octx)
 return octx->flags & NFT_CTX_OUTPUT_GUID;
 }
+static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
+}
+
 struct nft_cache {
 uint16_t genid;
 struct list_head list; 
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index ff7b47aa..74f2dabb 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -52,6 +52,7 @@ enum {
 NFT_CTX_OUTPUT_JSON = (1 << 4),
 NFT_CTX_OUTPUT_ECHO = (1 << 5),
 NFT_CTX_OUTPUT_GUID = (1 << 6),
+ NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
 };
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
diff --git a/src/datatype.c b/src/datatype.c
index 48eaca27..bfb70a6e 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -564,7 +564,7 @@ static void inet_protocol_type_print(const struct expr *expr,
 {
 struct protoent *p;
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (!nft_output_numeric_proto(octx)) {
 p = getprotobynumber(mpz_get_uint8(expr->value));
 if (p != NULL) {
 nft_print(octx, "%s", p->p_name);
diff --git a/src/expression.c b/src/expression.c
index 25883ea7..5ff469c5 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -663,6 +663,7 @@ static void range_expr_print(const struct expr *expr, struct output_ctx *octx)
 unsigned int flags = octx->flags;
 octx->flags &= ~NFT_CTX_OUTPUT_SERVICE;
+ octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
 expr_print(expr->left, octx);
 nft_print(octx, "-");
 expr_print(expr->right, octx);
diff --git a/src/json.c b/src/json.c
index e90445fc..8a2bcd65 100644
--- a/src/json.c
+++ b/src/json.c
@@ -448,6 +448,7 @@ json_t *range_expr_json(const struct expr *expr, struct output_ctx *octx)
 json_t *root;
 octx->flags &= ~NFT_CTX_OUTPUT_SERVICE;
+ octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
 root = json_pack("{s:[o, o]}", "range", expr_print_json(expr->left, octx), expr_print_json(expr->right, octx));
@@ -961,7 +962,7 @@ json_t *inet_protocol_type_json(const struct expr *expr,
 {
 struct protoent *p;
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (!nft_output_numeric_proto(octx)) {
 p = getprotobynumber(mpz_get_uint8(expr->value));
 if (p != NULL)
 return json_string(p->p_name);
-- cgit v1.2.3
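Review bot: In inet_protocol_type_print() the old `octx->numeric < NFT_NUMERIC_ALL` test is dropped outright, so a caller that asked for fully numeric output through the numeric level now gets the protocol name from getprotobynumber() unless it also sets NFT_CTX_OUTPUT_NUMERIC_PROTO. None of the six files in this patch sets the new flag from the numeric level, so if that mapping is not done elsewhere, ruleset listings that tools diff or audit will start to depend on the host's protocols database. Keeping both conditions, `if (!nft_output_numeric_proto(octx) && octx->numeric < NFT_NUMERIC_ALL) {`, preserves the old behaviour; the same applies to inet_protocol_type_json() in src/json.c. The function body continues past the end of this hunk.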
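Review bot: The added `octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;` in range_expr_print() modifies the caller's output context with no comment saying why, or that the change is meant to be temporary. The hunk shows `flags` being saved, but any restore lies after the last line shown, and in range_expr_json() in src/json.c neither the save nor the restore is inside the hunk. If either function leaves the bit set, later protocols printed through the same context would come out as numbers. I would add `/* temporarily force numeric protocols for both ends of the range */` above the flag updates in both functions and confirm that `octx->flags` is restored on every return path.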