-rw-r--r--doc/libnftables.adoc39
-rw-r--r--doc/nft.txt5
-rw-r--r--include/nftables.h6
-rw-r--r--include/nftables/libnftables.h13
-rw-r--r--src/datatype.c2
-rw-r--r--src/json.c2
-rw-r--r--src/libnftables.c11
-rw-r--r--src/main.c14
-rw-r--r--src/monitor.c8
-rwxr-xr-xtests/shell/testcases/netns/0001nft-f_02
-rwxr-xr-xtests/shell/testcases/netns/0002loosecommands_02
-rwxr-xr-xtests/shell/testcases/netns/0003many_02
12 files changed, 24 insertions, 82 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 78819439..00750678 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -21,10 +21,6 @@ void nft_ctx_set_dry_run(struct nft_ctx* '\*ctx'*, bool* 'dry'*);
unsigned int nft_ctx_output_get_flags(struct nft_ctx* '\*ctx'*);
void nft_ctx_output_set_flags(struct nft_ctx* '\*ctx'*, unsigned int* 'flags'*);
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx* '\*ctx'*);
-void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
- enum nft_numeric_level* 'level'*);
-
unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
@@ -125,37 +121,10 @@ NFT_CTX_OUTPUT_NUMERIC_PROTO::
Display layer 4 protocol numerically.
NFT_CTX_OUTPUT_NUMERIC_PRIO::
Display base chain priority numerically.
-
-=== nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
-These functions allow control over value representation in library output.
-For instance, port numbers by default are printed by their name (as listed in '/etc/services' file), if known.
-In libnftables, numeric output is leveled, defined as such:
-
-----
-enum nft_numeric_level {
- NFT_NUMERIC_NONE,
- NFT_NUMERIC_ADDR,
- NFT_NUMERIC_PORT,
- NFT_NUMERIC_ALL,
-};
-----
-
-Each numeric level includes all previous ones:
-
-NFT_NUMERIC_NONE::
- No conversion into numeric format happens, this is the default.
-NFT_NUMERIC_ADDR::
- Network addresses are always converted into numeric format.
-NFT_NUMERIC_PORT::
- Network services are always converted into numeric format.
-NFT_NUMERIC_ALL::
- Everything is converted into numeric format.
-
-The default numeric level is *NFT_NUMERIC_NONE*.
-
-The *nft_ctx_output_get_numeric*() function returns the numeric output setting's value contained in 'ctx'.
-
-The *nft_ctx_output_set_numeric*() function sets the numeric output setting in 'ctx' to the value of 'level'.
+NFT_CTX_OUTPUT_NUMERIC_SYMBOL::
+ Display expression datatype as numeric value.
+NFT_CTX_OUTPUT_NUMERIC_ALL::
+ Display all numerically.
=== nft_ctx_output_get_debug() and nft_ctx_output_set_debug()
Libnftables supports separate debugging of different parts of its internals.
diff --git a/doc/nft.txt b/doc/nft.txt
index 99ac0e33..8e18d908 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -34,10 +34,7 @@ For a full summary of options, run *nft --help*.
*-n*::
*--numeric*::
- Show data numerically. When used once (the default behaviour), skip
- lookup of addresses to symbolic names. Use twice to also show Internet
- services (port numbers) numerically. Use three times to also show
- protocols, UIDs/GIDs and priorities numerically.
+ Print fully numerical output.
*-s*::
*--stateless*::
diff --git a/include/nftables.h b/include/nftables.h
index a4d01e0c..5c029261 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -17,7 +17,6 @@ struct cookie {
struct output_ctx {
unsigned int flags;
- unsigned int numeric;
union {
FILE *output_fp;
struct cookie output_cookie;
@@ -73,6 +72,11 @@ static inline bool nft_output_numeric_prio(const struct output_ctx *octx)
return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO;
}
+static inline bool nft_output_numeric_symbol(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
+}
+
struct nft_cache {
uint16_t genid;
struct list_head list;
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index fb81edc0..70e9d238 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -26,13 +26,6 @@ enum nft_debug_level {
NFT_DEBUG_SEGTREE = 0x40,
};
-enum nft_numeric_level {
- NFT_NUMERIC_NONE,
- NFT_NUMERIC_ADDR,
- NFT_NUMERIC_PORT,
- NFT_NUMERIC_ALL,
-};
-
/**
* Possible flags to pass to nft_ctx_new()
*/
@@ -54,13 +47,15 @@ enum {
NFT_CTX_OUTPUT_GUID = (1 << 6),
NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
+ NFT_CTX_OUTPUT_NUMERIC_SYMBOL = (1 << 9),
+ NFT_CTX_OUTPUT_NUMERIC_ALL = (NFT_CTX_OUTPUT_NUMERIC_PROTO |
+ NFT_CTX_OUTPUT_NUMERIC_PRIO |
+ NFT_CTX_OUTPUT_NUMERIC_SYMBOL),
};
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags);
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
-void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
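Review bot: Dropping the `nft_ctx_output_get_numeric()` / `nft_ctx_output_set_numeric()` prototypes and `enum nft_numeric_level` from this installed header removes exported API, and nothing in the diffstat touches a library version or symbol map. Existing consumers would presumably fail to build or to resolve symbols, so confirm how the soname or versioning is handled outside this diff. Separately, `NFT_CTX_OUTPUT_NUMERIC_ALL` is a three-bit mask sitting among single-bit flags, so a caller testing `flags & NFT_CTX_OUTPUT_NUMERIC_ALL` gets true when only one of the bits is set. A comment on that enumerator such as `/* composite mask: test with (flags & ALL) == ALL */` would make this explicit.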
diff --git a/src/datatype.c b/src/datatype.c
index bfb70a6e..6af1c843 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -196,7 +196,7 @@ void symbolic_constant_print(const struct symbol_table *tbl,
if (quotes)
nft_print(octx, "\"");
- if (octx->numeric > NFT_NUMERIC_ALL)
+ if (nft_output_numeric_symbol(octx))
nft_print(octx, "%" PRIu64 "", val);
else
nft_print(octx, "%s", s->identifier);
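Review bot: With the numeric branch now reachable through an output flag, the `if (quotes)` line just above still emits an opening quote, so a symbolic constant printed numerically would come out as a quoted number. If the listing is meant to be fed back to the parser, confirm that a quoted integer is accepted there. Otherwise the quote should depend on the same test, e.g. `if (quotes && !nft_output_numeric_symbol(octx))`. The closing quote and the rest of symbolic_constant_print() lie outside the hunk, so the matching change there is inferred.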
diff --git a/src/json.c b/src/json.c
index 8a2bcd65..fc92d464 100644
--- a/src/json.c
+++ b/src/json.c
@@ -812,7 +812,7 @@ static json_t *symbolic_constant_json(const struct symbol_table *tbl,
if (!s->identifier)
return expr_basetype(expr)->json(expr, octx);
- if (octx->numeric > NFT_NUMERIC_ALL)
+ if (nft_output_numeric_symbol(octx))
return json_integer(val);
else
return json_string(s->identifier);
diff --git a/src/libnftables.c b/src/libnftables.c
index 03c15fba..bd79cd60 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -312,17 +312,6 @@ void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry)
ctx->check = dry;
}
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx)
-{
- return ctx->output.numeric;
-}
-
-void nft_ctx_output_set_numeric(struct nft_ctx *ctx,
- enum nft_numeric_level level)
-{
- ctx->output.numeric = level;
-}
-
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx)
{
return ctx->output.flags;
diff --git a/src/main.c b/src/main.c
index 883261fc..1f01a6c0 100644
--- a/src/main.c
+++ b/src/main.c
@@ -132,9 +132,7 @@ static void show_help(const char *name)
" -i, --interactive Read input from interactive CLI\n"
"\n"
" -j, --json Format output in JSON\n"
-" -n, --numeric When specified once, show network addresses numerically (default behaviour).\n"
-" Specify twice to also show Internet services (port numbers) numerically.\n"
-" Specify three times to also show protocols, user IDs, and group IDs numerically.\n"
+" -n, --numeric Print fully numerical output.\n"
" -s, --stateless Omit stateful information of ruleset.\n"
" -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
" -N Translate IP addresses to names.\n"
@@ -189,7 +187,6 @@ static const struct {
int main(int argc, char * const *argv)
{
char *buf = NULL, *filename = NULL;
- enum nft_numeric_level numeric;
unsigned int output_flags = 0;
bool interactive = false;
unsigned int debug_mask;
@@ -229,14 +226,7 @@ int main(int argc, char * const *argv)
}
break;
case OPT_NUMERIC:
- numeric = nft_ctx_output_get_numeric(nft);
- if (numeric == NFT_NUMERIC_ALL) {
- fprintf(stderr, "Too many numeric options "
- "used, max. %u\n",
- NFT_NUMERIC_ALL);
- exit(EXIT_FAILURE);
- }
- nft_ctx_output_set_numeric(nft, numeric + 1);
+ output_flags |= NFT_CTX_OUTPUT_NUMERIC_ALL;
break;
case OPT_STATELESS:
output_flags |= NFT_CTX_OUTPUT_STATELESS;
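Review bot: `-n` only ORs in `NFT_CTX_OUTPUT_NUMERIC_ALL`, which per the header covers just the proto, prio and symbol bits. The help text in the first hunk of this file now promises "fully numerical output", yet `nft -n -N` or `nft -n -u` still leaves the name-translation flags (such as `NFT_CTX_OUTPUT_GUID`) set in `output_flags`. Whether the print paths give the numeric bits precedence is not visible here. Either document the interaction in the help string and man page, or reject the conflicting combination once option parsing is done. The option loop and the rest of main() continue outside this hunk.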
diff --git a/src/monitor.c b/src/monitor.c
index b2267e1f..0e735ed5 100644
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -835,11 +835,9 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type,
}
if (genid >= 0) {
nft_mon_print(monh, "# new generation %d", genid);
- if (pid >= 0) {
- nft_mon_print(monh, " by process %d", pid);
- if (!monh->ctx->nft->output.numeric)
- nft_mon_print(monh, " (%s)", name);
- }
+ if (pid >= 0)
+ nft_mon_print(monh, " by process %d (%s)", pid, name);
+
nft_mon_print(monh, "\n");
}
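Review bot: The process name is now printed unconditionally and raw through `" by process %d (%s)"`, where previously a numeric output setting suppressed it. `name` is filled outside this hunk. If it comes from the kernel's report of the committing process's comm, its content is chosen by that process and may contain control characters or newlines, which could forge lines in monitor output that operators or log collectors read. Consider escaping non-printable bytes before printing, and skipping the parenthesised part when `name` is empty so the line does not end in ` ()`.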
diff --git a/tests/shell/testcases/netns/0001nft-f_0 b/tests/shell/testcases/netns/0001nft-f_0
index 64249826..83448087 100755
--- a/tests/shell/testcases/netns/0001nft-f_0
+++ b/tests/shell/testcases/netns/0001nft-f_0
@@ -90,7 +90,7 @@ if [ $? -ne 0 ] ; then
exit 1
fi
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
$IP netns del $NETNS_NAME
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
diff --git a/tests/shell/testcases/netns/0002loosecommands_0 b/tests/shell/testcases/netns/0002loosecommands_0
index 3910446a..e6278280 100755
--- a/tests/shell/testcases/netns/0002loosecommands_0
+++ b/tests/shell/testcases/netns/0002loosecommands_0
@@ -53,7 +53,7 @@ RULESET="table ip t {
}
}"
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
$IP netns del $NETNS_NAME
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0
index 5ec4b2e4..61ad37bd 100755
--- a/tests/shell/testcases/netns/0003many_0
+++ b/tests/shell/testcases/netns/0003many_0
@@ -94,7 +94,7 @@ function test_netns()
exit 1
fi
- KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+ KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
echo "E: ruleset in netns $NETNS_NAME differs from the loaded" >&2
DIFF="$(which diff)"