-rw-r--r--doc/libnftables.adoc3
-rw-r--r--doc/nft.txt4
-rw-r--r--include/nftables.h5
-rw-r--r--include/nftables/libnftables.h1
-rw-r--r--src/main.c12
-rw-r--r--src/rule.c20
6 files changed, 33 insertions, 12 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index dc3299f0..78819439 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -92,6 +92,7 @@ enum {
NFT_CTX_OUTPUT_ECHO = (1 << 5),
NFT_CTX_OUTPUT_GUID = (1 << 6),
NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
+ NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
};
----
@@ -122,6 +123,8 @@ The *nft_ctx_output_get_flags*() function returns the output flags setting's val
The *nft_ctx_output_set_flags*() function sets the output flags setting in 'ctx' to the value of 'val'.
NFT_CTX_OUTPUT_NUMERIC_PROTO::
Display layer 4 protocol numerically.
+NFT_CTX_OUTPUT_NUMERIC_PRIO::
+ Display base chain priority numerically.
=== nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
These functions allow control over value representation in library output.
diff --git a/doc/nft.txt b/doc/nft.txt
index 39527c4e..99ac0e33 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -56,6 +56,10 @@ For a full summary of options, run *nft --help*.
*--guid**::
Translate numeric UID/GID to names as defined by /etc/passwd and /etc/group.
+*-y*::
+*--numeric-priority**::
+ Display base chain priority numerically.
+
*-c*::
*--check*::
Check commands validity without actually applying the changes.
diff --git a/include/nftables.h b/include/nftables.h
index d0031e84..a4d01e0c 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -68,6 +68,11 @@ static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
}
+static inline bool nft_output_numeric_prio(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO;
+}
+
struct nft_cache {
uint16_t genid;
struct list_head list;
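Review bot: nft_output_numeric_prio() tests `1 << 8`, the first output flag that does not fit in eight bits, so the masked value 256 becomes `true` only through the conversion to a genuine C99 `bool`. That holds if `bool` comes from `<stdbool.h>`, which this hunk does not show; under a char-sized typedef the result would truncate to 0 and the flag would never be seen as set. Making the test explicit, `return (octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO) != 0;`, removes the dependency, and the sibling helpers above could follow the same form.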
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 74f2dabb..fb81edc0 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -53,6 +53,7 @@ enum {
NFT_CTX_OUTPUT_ECHO = (1 << 5),
NFT_CTX_OUTPUT_GUID = (1 << 6),
NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
+ NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
};
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
diff --git a/src/main.c b/src/main.c
index 0c8fa1e9..883261fc 100644
--- a/src/main.c
+++ b/src/main.c
@@ -40,10 +40,10 @@ enum opt_vals {
OPT_HANDLE_OUTPUT = 'a',
OPT_ECHO = 'e',
OPT_GUID = 'u',
+ OPT_NUMERIC_PRIO = 'y',
OPT_INVALID = '?',
};
-
-#define OPTSTRING "hvcf:iI:jvnsNaeSu"
+#define OPTSTRING "hvcf:iI:jvnsNaeSupy"
static const struct option options[] = {
{
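Review bot: The new OPTSTRING gains `p` as well as `y`, but nothing else in this commit refers to a `-p` option. If an enum value for `'p'` and its `case` already exist outside the hunk, this is a quiet fix for an earlier omission and deserves a line in the commit message. If they do not exist, getopt will now accept `-p` and the switch in main() will drop it without a diagnostic. The enum and the options table are only partly visible here, so this needs confirming against the full file. The hunk also removes the blank line that separated the enum from the `#define`.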
@@ -110,6 +110,10 @@ static const struct option options[] = {
.val = OPT_GUID,
},
{
+ .name = "numeric-priority",
+ .val = OPT_NUMERIC_PRIO,
+ },
+ {
.name = NULL
}
};
@@ -135,6 +139,7 @@ static void show_help(const char *name)
" -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
" -N Translate IP addresses to names.\n"
" -S, --service Translate ports to service names as described in /etc/services.\n"
+" -y, --numeric-priority Print chain priority numerically.\n"
" -a, --handle Output rule handle.\n"
" -e, --echo Echo what has been added, inserted or replaced.\n"
" -I, --includepath <directory> Add <directory> to the paths searched for include files. Default is: %s\n"
@@ -285,6 +290,9 @@ int main(int argc, char * const *argv)
case OPT_GUID:
output_flags |= NFT_CTX_OUTPUT_GUID;
break;
+ case OPT_NUMERIC_PRIO:
+ output_flags |= NFT_CTX_OUTPUT_NUMERIC_PRIO;
+ break;
case OPT_INVALID:
exit(EXIT_FAILURE);
}
diff --git a/src/rule.c b/src/rule.c
index 33cbf0e2..524db41e 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -946,8 +946,9 @@ int std_prio_lookup(const char *std_prio_name, int family, int hook)
return NF_IP_PRI_LAST;
}
-static const char *prio2str(char *buf, size_t bufsize, int family, int hook,
- int prio, int numeric)
+static const char *prio2str(const struct output_ctx *octx,
+ char *buf, size_t bufsize, int family, int hook,
+ int prio)
{
const struct prio_tag *prio_arr;
const char *std_prio_str;
@@ -963,7 +964,7 @@ static const char *prio2str(char *buf, size_t bufsize, int family, int hook,
arr_size = array_size(std_prios);
}
- if (numeric != NFT_NUMERIC_ALL) {
+ if (!nft_output_numeric_prio(octx)) {
for (i = 0; i < arr_size; ++i) {
std_prio = prio_arr[i].val;
std_prio_str = prio_arr[i].str;
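Review bot: Replacing `numeric != NFT_NUMERIC_ALL` with `!nft_output_numeric_prio(octx)` means the `-n` numeric level no longer affects how priorities are printed. Callers that got numeric priorities at the NFT_NUMERIC_ALL level will now get symbolic names unless they also pass `-y` or set NFT_CTX_OUTPUT_NUMERIC_PRIO. Scripts and library users that parse or replay listing output would see different text after upgrading, and neither documentation hunk mentions it. If dropping the old path is intended, a sentence in the `-y` entry of doc/nft.txt, for example `This was previously selected by the highest -n level.`, would make the change visible. The loop body continues outside the hunk.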
@@ -1004,9 +1005,9 @@ static void chain_print_declaration(const struct chain *chain,
if (chain->dev != NULL)
nft_print(octx, " device %s", chain->dev);
nft_print(octx, " priority %s; policy %s;\n",
- prio2str(priobuf, sizeof(priobuf),
+ prio2str(octx, priobuf, sizeof(priobuf),
chain->handle.family, chain->hooknum,
- chain->priority.num, octx->numeric),
+ chain->priority.num),
chain_policy2str(chain->policy));
}
}
@@ -1035,9 +1036,9 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx)
if (chain->flags & CHAIN_F_BASECHAIN) {
nft_print(octx, " { type %s hook %s priority %s; policy %s; }",
chain->type, chain->hookstr,
- prio2str(priobuf, sizeof(priobuf),
+ prio2str(octx, priobuf, sizeof(priobuf),
chain->handle.family, chain->hooknum,
- chain->priority.num, octx->numeric),
+ chain->priority.num),
chain_policy2str(chain->policy));
}
if (nft_output_handle(octx))
@@ -1950,9 +1951,8 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
nft_print(octx, "%s%shook %s priority %s%s",
opts->tab, opts->tab,
hooknum2str(NFPROTO_NETDEV, flowtable->hooknum),
- prio2str(priobuf, sizeof(priobuf), NFPROTO_NETDEV,
- flowtable->hooknum, flowtable->priority.num,
- octx->numeric),
+ prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV,
+ flowtable->hooknum, flowtable->priority.num),
opts->stmt_separator);
nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);