diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-24 11:04:30 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-24 12:25:33 +0200 |
| commit | 9e45a28ca467f08b9c01baf73d1849055e53ea0b (patch) | |
| tree | 1eb0c76d643e66383230428aac3054d6310d15c2 /src/cli.c | |
| parent | cebbd9678b7ee6f74b3bd4eefc23de5b27135799 (diff) | |
src: honor /etc/services
This partial patch reverts:
ccc5da470e76 ("datatype: Replace getnameinfo() by internal lookup table")
f0f99006d34b ("datatype: Replace getaddrinfo() by internal lookup table")
so /etc/services is used to interpret service names, eg.
# nft add rule x y tcp dport \"ssh\"
Then, listing looks like:
# nft list ruleset -l
table x {
chain y {
...
tcp dport "ssh"
}
}
Major changes with regards to the original approach are:
1) Services are displayed in text via `-l' option.
2) Services are user-defined, just like mappings in /etc/iproute2/*
files and connlabel.conf, so they are displayed enclosed in quotes.
Note that original service name code was broken since it parses both udp
and tcp service names but it only displays tcp services names as
literal. This is because NI_DGRAM is missing. This patch makes nft falls
back on udp services if no literal was found in the initial tcp service
name query. Proper way to handle would be to add infrastructure to store
protocol context information in struct output_ctx.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/cli.c')
0 files changed, 0 insertions, 0 deletions