From b0f6a45b25dd1b8e4ab0e3b2dd2a00d918ae29c0 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 3 Jul 2018 17:24:05 +0200
Subject: src: add --literal option

Default not to print the service name as we discussed during the NFWS.

 # nft list ruleset
 table ip x {
        chain y {
                tcp dport 22
                ip saddr 1.1.1.1
        }
 }

 # nft -l list ruleset
 table ip x {
        chain y {
                tcp dport ssh
                ip saddr 1.1.1.1
        }
 }

 # nft -ll list ruleset
 table ip x {
        chain y {
                tcp dport 22
                ip saddr 1dot1dot1dot1.cloudflare-dns.com
        }
 }

Then, -ll displays FQDN. just like the (now deprecated) --ip2name (-N)
option.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/datatype.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/datatype.c')

diff --git a/src/datatype.c b/src/datatype.c
index 20904453..fbc3ac35 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -454,7 +454,7 @@ static void ipaddr_type_print(const struct expr *expr, struct output_ctx *octx)
 	sin.sin_addr.s_addr = mpz_get_be32(expr->value);
 	err = getnameinfo((struct sockaddr *)&sin, sizeof(sin), buf,
 			  sizeof(buf), NULL, 0,
-			  octx->ip2name ? 0 : NI_NUMERICHOST);
+			  octx->literal >= NFT_LITERAL_ADDR ? 0 : NI_NUMERICHOST);
 	if (err != 0) {
 		getnameinfo((struct sockaddr *)&sin, sizeof(sin), buf,
 			    sizeof(buf), NULL, 0, NI_NUMERICHOST);
@@ -512,7 +512,7 @@ static void ip6addr_type_print(const struct expr *expr, struct output_ctx *octx)
 
 	err = getnameinfo((struct sockaddr *)&sin6, sizeof(sin6), buf,
 			  sizeof(buf), NULL, 0,
-			  octx->ip2name ? 0 : NI_NUMERICHOST);
+			  octx->literal >= NFT_LITERAL_ADDR ? 0 : NI_NUMERICHOST);
 	if (err != 0) {
 		getnameinfo((struct sockaddr *)&sin6, sizeof(sin6), buf,
 			    sizeof(buf), NULL, 0, NI_NUMERICHOST);
@@ -617,11 +617,11 @@ const struct datatype inet_protocol_type = {
 static void inet_service_type_print(const struct expr *expr,
 				     struct output_ctx *octx)
 {
-	if (octx->numeric >= NFT_NUMERIC_PORT) {
-		integer_type_print(expr, octx);
+	if (octx->literal == NFT_LITERAL_PORT) {
+		symbolic_constant_print(&inet_service_tbl, expr, false, octx);
 		return;
 	}
-	symbolic_constant_print(&inet_service_tbl, expr, false, octx);
+	integer_type_print(expr, octx);
 }
 
 static struct error_record *inet_service_type_parse(const struct expr *sym,
-- 
cgit v1.2.3