From 3c69cf7603534ef6df01ec079c6a4d3d3382f580 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 27 Oct 2018 11:55:00 +0200 Subject: src: add nft_ctx_output_{get,set}_handle() to nft_ctx_output_{get,set}_flags Add NFT_CTX_OUTPUT_HANDLE flag and print handle that uniquely identify objects from new output flags interface. Acked-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- doc/libnftables.adoc | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) (limited to 'doc') diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc index c0ce5be2..dbd38bdd 100644 --- a/doc/libnftables.adoc +++ b/doc/libnftables.adoc @@ -28,9 +28,6 @@ void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*, unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*); void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*); -bool nft_ctx_output_get_handle(struct nft_ctx* '\*ctx'*); -void nft_ctx_output_set_handle(struct nft_ctx* '\*ctx'*, bool* 'val'*); - bool nft_ctx_output_get_echo(struct nft_ctx* '\*ctx'*); void nft_ctx_output_set_echo(struct nft_ctx* '\*ctx'*, bool* 'val'*); @@ -96,6 +93,7 @@ enum { NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0), NFT_CTX_OUTPUT_SERVICE = (1 << 1), NFT_CTX_OUTPUT_STATELESS = (1 << 2), + NFT_CTX_OUTPUT_HANDLE = (1 << 3), }; ---- 
@@ -106,6 +104,11 @@ NFT_CTX_OUTPUT_SERVICE:: NFT_CTX_OUTPUT_STATELESS:: If stateless output has been requested then stateful data is not printed. Stateful data refers to those objects that carry run-time data, eg. the *counter* statement holds packet and byte counter values, making it stateful. +NFT_CTX_OUTPUT_HANDLE:: + Upon insertion into the ruleset, some elements are assigned a unique handle for identification purposes. +For example, when deleting a table or chain, it may be identified either by name or handle. +Rules on the other hand must be deleted by handle because there is no other way to uniquely identify them. +This flag makes ruleset listings include handle values. The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'. @@ -178,17 +181,6 @@ The *nft_ctx_output_get_debug*() function returns the debug output setting's val The *nft_ctx_output_set_debug*() function sets the debug output setting in 'ctx' to the value of 'mask'. -=== nft_ctx_output_get_handle() and nft_ctx_output_set_handle() -Upon insertion into the ruleset, some elements are assigned a unique handle for identification purposes. -For example, when deleting a table or chain, it may be identified either by name or handle. -Rules on the other hand must be deleted by handle because there is no other way to uniquely identify them. -These functions allow to control whether ruleset listings should include handles or not. -The default setting is *false*. - -The *nft_ctx_output_get_handle*() function returns the handle output setting's value in 'ctx'. - -The *nft_ctx_output_set_handle*() function sets the handle output setting in 'ctx' to the value of 'val'. - === nft_ctx_output_get_echo() and nft_ctx_output_set_echo() The echo setting makes libnftables print the changes once they are committed to the kernel, just like a running instance of *nft monitor* would. Amongst other things, this allows to retrieve an added rule's handle atomically. -- cgit v1.2.3
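Review bot: the NFT_CTX_OUTPUT_HANDLE entry added in the `@@ -106,6 +104,11 @@` hunk no longer states a default, whereas the section removed further down said "The default setting is *false*." If the behaviour is unchanged, close the new entry with a sentence saying that handles are not printed unless this flag is set, so the information is not lost in the move.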
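Review bot: the `@@ -178,17 +181,6 @@` hunk deletes the whole nft_ctx_output_get_handle() and nft_ctx_output_set_handle() section, and `@@ -28,9 +28,6 @@` drops both prototypes from the synopsis, but nothing in the remaining text tells existing callers what replaces them. Suggest adding one sentence to the NFT_CTX_OUTPUT_HANDLE entry saying that it takes the place of the former get/set handle functions and is toggled through nft_ctx_output_set_flags() and read back through nft_ctx_output_get_flags().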