diff options
| author | Harsha Sharma <harshasharmaiitr@gmail.com> | 2017-12-23 11:45:25 -0800 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-05 16:38:08 +0100 |
| commit | 0f8302635ad3f7bea70044df823ea783b6bcf4d6 (patch) | |
| tree | 1f2e6a1ed919a8c10e83cc216f8ea1e9cc959012 | |
| parent | 1ec8f41af4dd53ac9edc5da1a2810dd5bac4d4a3 (diff) | |
src: print 'handle' attribute in tables
Print 'handle' attribute in tables, when listing via '-a' option
For eg.
nft list ruleset -a
table ip test-ip4 {
chain input {
ip saddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
}
# handle 1}
table ip filter {
chain output {
tcp dport ssh counter packets 0 bytes 0 # handle 4
}
# handle 2}
table ip xyz {
# handle 3}
Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 4 | ||||
| -rw-r--r-- | src/netlink.c | 6 | ||||
| -rw-r--r-- | src/rule.c | 2 |
3 files changed, 11 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index b2d36004..4854210d 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -168,12 +168,14 @@ enum nft_table_flags { * @NFTA_TABLE_NAME: name of the table (NLA_STRING) * @NFTA_TABLE_FLAGS: bitmask of enum nft_table_flags (NLA_U32) * @NFTA_TABLE_USE: number of chains in this table (NLA_U32) + * @NFTA_TABLE_HANDLE: numeric handle of the table (NLA_U64) */ enum nft_table_attributes { NFTA_TABLE_UNSPEC, NFTA_TABLE_NAME, NFTA_TABLE_FLAGS, NFTA_TABLE_USE, + NFTA_TABLE_HANDLE, __NFTA_TABLE_MAX }; #define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1) @@ -1320,6 +1322,7 @@ enum nft_object_attributes { * * @NFTA_TRACE_TABLE: name of the table (NLA_STRING) * @NFTA_TRACE_CHAIN: name of the chain (NLA_STRING) + * @NFTA_TRACE_TABLE_HANDLE: numeric handle of the table (NLA_U64) * @NFTA_TRACE_RULE_HANDLE: numeric handle of the rule (NLA_U64) * @NFTA_TRACE_TYPE: type of the event (NLA_U32: nft_trace_types) * @NFTA_TRACE_VERDICT: verdict returned by hook (NLA_NESTED: nft_verdicts) @@ -1339,6 +1342,7 @@ enum nft_trace_attributes { NFTA_TRACE_UNSPEC, NFTA_TRACE_TABLE, NFTA_TRACE_CHAIN, + NFTA_TRACE_TABLE_HANDLE, NFTA_TRACE_RULE_HANDLE, NFTA_TRACE_TYPE, NFTA_TRACE_VERDICT, diff --git a/src/netlink.c b/src/netlink.c index d4ed09bf..728b6fdf 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -126,6 +126,8 @@ struct nftnl_table *alloc_nftnl_table(const struct handle *h) nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, h->family); if (h->table != NULL) nftnl_table_set(nlt, NFTNL_TABLE_NAME, h->table); + if (h->handle.id) + nftnl_table_set_u64(nlt, NFTNL_TABLE_HANDLE, h->handle.id); return nlt; } @@ -140,7 +142,7 @@ struct nftnl_chain *alloc_nftnl_chain(const struct handle *h) nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, h->family); nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table); - if (h->handle.id != 0) + if (h->handle.id) nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle.id); if (h->chain != NULL) nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain); @@ -810,6 +812,7 @@ static struct table *netlink_delinearize_table(struct netlink_ctx *ctx, table->handle.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); table->handle.table = xstrdup(nftnl_table_get_str(nlt, NFTNL_TABLE_NAME)); table->flags = nftnl_table_get_u32(nlt, NFTNL_TABLE_FLAGS); + table->handle.handle.id = nftnl_table_get_u64(nlt, NFTNL_TABLE_HANDLE); return table; } @@ -838,6 +841,7 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h, return 0; } + ctx->data = h; nftnl_table_list_foreach(table_cache, list_table_cb, ctx); nftnl_table_list_free(table_cache); return 0; @@ -879,6 +879,8 @@ static void table_print(const struct table *table, struct output_ctx *octx) chain_print(chain, octx); delim = "\n"; } + if (octx->handle > 0) + nft_print(octx, " # handle %" PRIu64, table->handle.handle.id); nft_print(octx, "}\n"); } |