From 9e45a28ca467f08b9c01baf73d1849055e53ea0b Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 24 Aug 2018 11:04:30 +0200 Subject: src: honor /etc/services This partial patch reverts: ccc5da470e76 ("datatype: Replace getnameinfo() by internal lookup table") f0f99006d34b ("datatype: Replace getaddrinfo() by internal lookup table") so /etc/services is used to interpret service names, eg. # nft add rule x y tcp dport \"ssh\" Then, listing looks like: # nft list ruleset -l table x { chain y { ... tcp dport "ssh" } } Major changes with regards to the original approach are: 1) Services are displayed in text via `-l' option. 2) Services are user-defined, just like mappings in /etc/iproute2/* files and connlabel.conf, so they are displayed enclosed in quotes. Note that original service name code was broken since it parses both udp and tcp service names but it only displays tcp services names as literal. This is because NI_DGRAM is missing. This patch makes nft falls back on udp services if no literal was found in the initial tcp service name query. Proper way to handle would be to add infrastructure to store protocol context information in struct output_ctx. Signed-off-by: Pablo Neira Ayuso --- src/Makefile.am | 1 - 1 file changed, 1 deletion(-) (limited to 'src/Makefile.am') diff --git a/src/Makefile.am b/src/Makefile.am index e569029d..8e69232f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -54,7 +54,6 @@ libnftables_la_SOURCES = \ erec.c \ mnl.c \ iface.c \ - services.c \ mergesort.c \ osf.c \ nfnl_osf.c \ -- cgit v1.2.3