diff options
-rw-r--r-- | doc/libnftables.adoc | 21 | ||||
-rw-r--r-- | doc/nft.txt | 4 | ||||
-rw-r--r-- | include/nftables.h | 5 | ||||
-rw-r--r-- | include/nftables/libnftables.h | 1 | ||||
-rw-r--r-- | src/main.c | 11 | ||||
-rw-r--r-- | src/rule.c | 3 |
6 files changed, 34 insertions, 11 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc index ea9626af..8ce1196f 100644 --- a/doc/libnftables.adoc +++ b/doc/libnftables.adoc @@ -80,16 +80,17 @@ The flags setting controls the output format. ---- enum { - NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0), - NFT_CTX_OUTPUT_SERVICE = (1 << 1), - NFT_CTX_OUTPUT_STATELESS = (1 << 2), - NFT_CTX_OUTPUT_HANDLE = (1 << 3), - NFT_CTX_OUTPUT_JSON = (1 << 4), - NFT_CTX_OUTPUT_ECHO = (1 << 5), - NFT_CTX_OUTPUT_GUID = (1 << 6), - NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7), - NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8), + NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0), + NFT_CTX_OUTPUT_SERVICE = (1 << 1), + NFT_CTX_OUTPUT_STATELESS = (1 << 2), + NFT_CTX_OUTPUT_HANDLE = (1 << 3), + NFT_CTX_OUTPUT_JSON = (1 << 4), + NFT_CTX_OUTPUT_ECHO = (1 << 5), + NFT_CTX_OUTPUT_GUID = (1 << 6), + NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7), + NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8), NFT_CTX_OUTPUT_NUMERIC_SYMBOL = (1 << 9), + NFT_CTX_OUTPUT_TERSE = (1 << 11), }; ---- @@ -123,6 +124,8 @@ NFT_CTX_OUTPUT_NUMERIC_SYMBOL:: Display expression datatype as numeric value. NFT_CTX_OUTPUT_NUMERIC_ALL:: Display all numerically. +NFT_CTX_OUTPUT_TERSE:: + If terse output has been requested, then the contents of sets are not printed. The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'. diff --git a/doc/nft.txt b/doc/nft.txt index 616640a8..2c790099 100644 --- a/doc/nft.txt +++ b/doc/nft.txt @@ -97,6 +97,10 @@ For a full summary of options, run *nft --help*. *--numeric-time*:: Show time, day and hour values in numeric format. +*-t*:: +*--terse*:: + Omit contents of sets from output. + INPUT FILE FORMATS ------------------ LEXICAL CONVENTIONS diff --git a/include/nftables.h b/include/nftables.h index 1ecf5ef5..21553c6b 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -90,6 +90,11 @@ static inline bool nft_output_numeric_symbol(const struct output_ctx *octx) return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL; } +static inline bool nft_output_terse(const struct output_ctx *octx) +{ + return octx->flags & NFT_CTX_OUTPUT_TERSE; +} + struct nft_cache { uint32_t genid; struct list_head list; diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h index 7a7a46f3..765b20dd 100644 --- a/include/nftables/libnftables.h +++ b/include/nftables/libnftables.h @@ -56,6 +56,7 @@ enum { NFT_CTX_OUTPUT_NUMERIC_ALL = (NFT_CTX_OUTPUT_NUMERIC_PROTO | NFT_CTX_OUTPUT_NUMERIC_PRIO | NFT_CTX_OUTPUT_NUMERIC_SYMBOL), + NFT_CTX_OUTPUT_TERSE = (1 << 11), }; unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx); @@ -43,9 +43,10 @@ enum opt_vals { OPT_NUMERIC_PRIO = 'y', OPT_NUMERIC_PROTO = 'p', OPT_NUMERIC_TIME = 'T', + OPT_TERSE = 't', OPT_INVALID = '?', }; -#define OPTSTRING "+hvcf:iI:jvnsNaeSupypT" +#define OPTSTRING "+hvcf:iI:jvnsNaeSupypTt" static const struct option options[] = { { @@ -120,6 +121,10 @@ static const struct option options[] = { .val = OPT_NUMERIC_TIME, }, { + .name = "terse", + .val = OPT_TERSE, + }, + { .name = NULL } }; @@ -140,6 +145,7 @@ static void show_help(const char *name) " -j, --json Format output in JSON\n" " -n, --numeric Print fully numerical output.\n" " -s, --stateless Omit stateful information of ruleset.\n" +" -t, --terse Omit contents of sets.\n" " -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n" " -N Translate IP addresses to names.\n" " -S, --service Translate ports to service names as described in /etc/services.\n" @@ -301,6 +307,9 @@ int main(int argc, char * const *argv) case OPT_NUMERIC_TIME: output_flags |= NFT_CTX_OUTPUT_NUMERIC_TIME; break; + case OPT_TERSE: + output_flags |= NFT_CTX_OUTPUT_TERSE; + break; case OPT_INVALID: exit(EXIT_FAILURE); } @@ -538,7 +538,8 @@ static void do_set_print(const struct set *set, struct print_fmt_options *opts, { set_print_declaration(set, opts, octx); - if (set->flags & NFT_SET_EVAL && nft_output_stateless(octx)) { + if ((set->flags & NFT_SET_EVAL && nft_output_stateless(octx)) || + nft_output_terse(octx)) { nft_print(octx, "%s}%s", opts->tab, opts->nl); return; } |