src: add --literal option

Default not to print the service name as we discussed during the NFWS.

 # nft list ruleset
 table ip x {
        chain y {
                tcp dport 22
                ip saddr 1.1.1.1
        }
 }

 # nft -l list ruleset
 table ip x {
        chain y {
                tcp dport ssh
                ip saddr 1.1.1.1
        }
 }

 # nft -ll list ruleset
 table ip x {
        chain y {
                tcp dport 22
                ip saddr 1dot1dot1dot1.cloudflare-dns.com
        }
 }

Then, -ll displays FQDN. just like the (now deprecated) --ip2name (-N)
option.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 9 insertions, 3 deletions

diff --git a/include/nftables.h b/include/nftables.h
index 5e209b41..25e78c80 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -18,7 +18,7 @@ struct cookie {
 struct output_ctx {
 	unsigned int numeric;
 	unsigned int stateless;
-	unsigned int ip2name;
+	unsigned int literal;
 	unsigned int handle;
 	unsigned int echo;
 	unsigned int json;
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 13ec3927..dee099f2 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -33,6 +33,12 @@ enum nft_numeric_level {
 	NFT_NUMERIC_ALL,
 };
 
+enum nft_literal_level {
+	NFT_LITERAL_NONE,
+	NFT_LITERAL_PORT,
+	NFT_LITERAL_ADDR,
+};
+
 /**
  * Possible flags to pass to nft_ctx_new()
  */
@@ -47,8 +53,8 @@ enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
 void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
 bool nft_ctx_output_get_stateless(struct nft_ctx *ctx);
 void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val);
-bool nft_ctx_output_get_ip2name(struct nft_ctx *ctx);
-void nft_ctx_output_set_ip2name(struct nft_ctx *ctx, bool val);
+enum nft_literal_level nft_ctx_output_get_literal(struct nft_ctx *ctx);
+void nft_ctx_output_set_literal(struct nft_ctx *ctx, enum nft_literal_level val);
 unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
 void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
 bool nft_ctx_output_get_handle(struct nft_ctx *ctx);