From 31f031b0d348afd1c343692eca4b496c4bf5d05d Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Thu, 6 Nov 2014 09:05:28 +0100 Subject: nft: don't resolve hostnames by default This patch changes the default behaviour of nft to not translate IP addresses to hostnames when printing rules if no options are passed. The options regarding translations after this patch are: show IP addresses numerically (default behaviour) -n show IP addresses numerically -nn show Internet services and uid/gid numerically -nnn show protocols numerically -N (--reversedns) translate IP addresses to names The idea is to avoid breaking existing scripts that most likely rely on '-n' to save the ruleset, so we reduce the impact of this patch and provide a default behaviour that doesn't generate network traffic when listing / saving the ruleset. Joint work with Pablo. Suggested-by: Patrick McHardy Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/datatype.c | 4 ++-- src/main.c | 16 +++++++++++++--- 2 files changed, 15 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/datatype.c b/src/datatype.c index 8ad211c1..5f976aa3 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -379,7 +379,7 @@ static void ipaddr_type_print(const struct expr *expr) sin.sin_addr.s_addr = mpz_get_be32(expr->value); err = getnameinfo((struct sockaddr *)&sin, sizeof(sin), buf, sizeof(buf), NULL, 0, - numeric_output ? NI_NUMERICHOST : 0); + ip2name_output ? 0 : NI_NUMERICHOST); if (err != 0) { getnameinfo((struct sockaddr *)&sin, sizeof(sin), buf, sizeof(buf), NULL, 0, NI_NUMERICHOST); @@ -437,7 +437,7 @@ static void ip6addr_type_print(const struct expr *expr) err = getnameinfo((struct sockaddr *)&sin6, sizeof(sin6), buf, sizeof(buf), NULL, 0, - numeric_output ? NI_NUMERICHOST : 0); + ip2name_output ? 0 : NI_NUMERICHOST); if (err != 0) { getnameinfo((struct sockaddr *)&sin6, sizeof(sin6), buf, sizeof(buf), NULL, 0, NI_NUMERICHOST); 
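Review bot: With `ip2name_output` set, the name that `getnameinfo()` writes into `buf` in `ipaddr_type_print()` comes from a PTR record, which is controlled by whoever operates the reverse zone for that address and is not checked against a forward lookup here. The identical change in `ip6addr_type_print()` (hunk at -437) has the same property. A ruleset listed with `-N` is therefore suitable for display only, because a saved copy would carry names that may not map back to the original addresses. I would record this above the flag expression with a comment such as `/* -N: name is unverified reverse-DNS data; use for display, not for saving the ruleset */`. Both function bodies start and end outside the hunks, so how `buf` is printed afterwards is not visible here.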
diff --git a/src/main.c b/src/main.c index 3607bd58..16259143 100644 --- a/src/main.c +++ b/src/main.c @@ -28,6 +28,7 @@ unsigned int max_errors = 10; unsigned int numeric_output; +unsigned int ip2name_output; unsigned int handle_output; #ifdef DEBUG unsigned int debug_level; @@ -43,12 +44,13 @@ enum opt_vals { OPT_INTERACTIVE = 'i', OPT_INCLUDEPATH = 'I', OPT_NUMERIC = 'n', + OPT_IP2NAME = 'N', OPT_DEBUG = 'd', OPT_HANDLE_OUTPUT = 'a', OPT_INVALID = '?', }; -#define OPTSTRING "hvf:iI:vna" +#define OPTSTRING "hvf:iI:vnNa" static const struct option options[] = { { @@ -72,6 +74,10 @@ static const struct option options[] = { .name = "numeric", .val = OPT_NUMERIC, }, + { + .name = "reversedns", + .val = OPT_IP2NAME, + }, { .name = "includepath", .val = OPT_INCLUDEPATH, @@ -105,10 +111,11 @@ static void show_help(const char *name) " -f/--file Read input from \n" " -i/--interactive Read input from interactive CLI\n" "\n" -" -n/--numeric When specified once, show network addresses numerically.\n" -" When specified twice, also show Internet services,\n" +" -n/--numeric When specified once, show network addresses numerically (default behaviour).\n" +" When specified twice, show Internet services,\n" " user IDs and group IDs numerically.\n" " When specified thrice, also show protocols numerically.\n" +" -N Translate IP addresses to names.\n" " -a/--handle Output rule handle.\n" " -I/--includepath Add to the paths searched for include files.\n" #ifdef DEBUG @@ -279,6 +286,9 @@ int main(int argc, char * const *argv) case OPT_NUMERIC: numeric_output++; break; + case OPT_IP2NAME: + ip2name_output++; + break; #ifdef DEBUG case OPT_DEBUG: for (;;) { -- cgit v1.2.3
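Review bot: The new help line for `-N` omits the long form that the options table registers as `reversedns`, while the neighbouring entries are printed as `-x/--long`. It also does not say that this is the one mode that sends DNS queries. Something like `" -N/--reversedns Translate IP addresses to names (performs reverse DNS lookups).\n"` would keep the listing consistent and tell the user about the network traffic the commit message mentions. `show_help()` starts and ends outside the hunk.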
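Review bot: `OPT_NUMERIC` and `OPT_IP2NAME` are counted independently in this switch, and the datatype.c hunks test only `ip2name_output`, so `nft -n -N` still performs reverse lookups even though `-n` is documented as showing addresses numerically. A script that passes `-n` expecting a listing without DNS traffic loses that property whenever `-N` is also on the command line, for instance when a wrapper adds it. The precedence should be stated in the help text, e.g. by appending `(takes precedence over -n for addresses)` to the `-N` line. Since the flag is only tested for truth, `ip2name_output = 1;` would also read more clearly than `ip2name_output++;`. `main()` continues outside the hunk.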