From 505794f75f2a342e8f8115eb0f04965979f2b634 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 29 Oct 2018 16:03:32 +0100 Subject: src: get rid of nft_ctx_output_{get,set}_numeric() This patch adds NFT_CTX_OUTPUT_NUMERIC_SYMBOL, which replaces the last client of the numeric level approach. This patch updates `-n' option semantics to display all output numerically. Note that monitor code was still using the -n option to skip printing the process name, this patch updates that path too to print it inconditionally to simplify things. Given the numeric levels have no more clients after this patch, remove that code. Update several tests/shell not to use -nn. This patch adds NFT_CTX_OUTPUT_NUMERIC_ALL which enables all flags to provide a fully numerical output. Acked-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- doc/libnftables.adoc | 39 +++---------------------- doc/nft.txt | 5 +--- include/nftables.h | 6 +++- include/nftables/libnftables.h | 13 +++------ src/datatype.c | 2 +- src/json.c | 2 +- src/libnftables.c | 11 ------- src/main.c | 14 ++------- src/monitor.c | 8 ++--- tests/shell/testcases/netns/0001nft-f_0 | 2 +- tests/shell/testcases/netns/0002loosecommands_0 | 2 +- tests/shell/testcases/netns/0003many_0 | 2 +- 12 files changed, 24 insertions(+), 82 deletions(-) diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc index 78819439..00750678 100644 --- a/doc/libnftables.adoc +++ b/doc/libnftables.adoc @@ -21,10 +21,6 @@ void nft_ctx_set_dry_run(struct nft_ctx* '\*ctx'*, bool* 'dry'*); unsigned int nft_ctx_output_get_flags(struct nft_ctx* '\*ctx'*); void nft_ctx_output_set_flags(struct nft_ctx* '\*ctx'*, unsigned int* 'flags'*); -enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx* '\*ctx'*); -void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*, - enum nft_numeric_level* 'level'*); - unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*); void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*); @@ -125,37 +121,10 @@ NFT_CTX_OUTPUT_NUMERIC_PROTO:: Display layer 4 protocol numerically. NFT_CTX_OUTPUT_NUMERIC_PRIO:: Display base chain priority numerically. - -=== nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric() -These functions allow control over value representation in library output. -For instance, port numbers by default are printed by their name (as listed in '/etc/services' file), if known. -In libnftables, numeric output is leveled, defined as such: - ----- -enum nft_numeric_level { - NFT_NUMERIC_NONE, - NFT_NUMERIC_ADDR, - NFT_NUMERIC_PORT, - NFT_NUMERIC_ALL, -}; ----- - -Each numeric level includes all previous ones: - -NFT_NUMERIC_NONE:: - No conversion into numeric format happens, this is the default. -NFT_NUMERIC_ADDR:: - Network addresses are always converted into numeric format. -NFT_NUMERIC_PORT:: - Network services are always converted into numeric format. -NFT_NUMERIC_ALL:: - Everything is converted into numeric format. - -The default numeric level is *NFT_NUMERIC_NONE*. - -The *nft_ctx_output_get_numeric*() function returns the numeric output setting's value contained in 'ctx'. - -The *nft_ctx_output_set_numeric*() function sets the numeric output setting in 'ctx' to the value of 'level'. +NFT_CTX_OUTPUT_NUMERIC_SYMBOL:: + Display expression datatype as numeric value. +NFT_CTX_OUTPUT_NUMERIC_ALL:: + Display all numerically. === nft_ctx_output_get_debug() and nft_ctx_output_set_debug() Libnftables supports separate debugging of different parts of its internals. diff --git a/doc/nft.txt b/doc/nft.txt index 99ac0e33..8e18d908 100644 --- a/doc/nft.txt +++ b/doc/nft.txt @@ -34,10 +34,7 @@ For a full summary of options, run *nft --help*. *-n*:: *--numeric*:: - Show data numerically. When used once (the default behaviour), skip - lookup of addresses to symbolic names. Use twice to also show Internet - services (port numbers) numerically. Use three times to also show - protocols, UIDs/GIDs and priorities numerically. + Print fully numerical output. *-s*:: *--stateless*:: diff --git a/include/nftables.h b/include/nftables.h index a4d01e0c..5c029261 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -17,7 +17,6 @@ struct cookie { struct output_ctx { unsigned int flags; - unsigned int numeric; union { FILE *output_fp; struct cookie output_cookie; @@ -73,6 +72,11 @@ static inline bool nft_output_numeric_prio(const struct output_ctx *octx) return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO; } +static inline bool nft_output_numeric_symbol(const struct output_ctx *octx) +{ + return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL; +} + struct nft_cache { uint16_t genid; struct list_head list; diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h index fb81edc0..70e9d238 100644 --- a/include/nftables/libnftables.h +++ b/include/nftables/libnftables.h @@ -26,13 +26,6 @@ enum nft_debug_level { NFT_DEBUG_SEGTREE = 0x40, }; -enum nft_numeric_level { - NFT_NUMERIC_NONE, - NFT_NUMERIC_ADDR, - NFT_NUMERIC_PORT, - NFT_NUMERIC_ALL, -}; - /** * Possible flags to pass to nft_ctx_new() */ @@ -54,13 +47,15 @@ enum { NFT_CTX_OUTPUT_GUID = (1 << 6), NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7), NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8), + NFT_CTX_OUTPUT_NUMERIC_SYMBOL = (1 << 9), + NFT_CTX_OUTPUT_NUMERIC_ALL = (NFT_CTX_OUTPUT_NUMERIC_PROTO | + NFT_CTX_OUTPUT_NUMERIC_PRIO | + NFT_CTX_OUTPUT_NUMERIC_SYMBOL), }; unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx); void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags); -enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx); -void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level); unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx); void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask); diff --git a/src/datatype.c b/src/datatype.c index bfb70a6e..6af1c843 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -196,7 +196,7 @@ void symbolic_constant_print(const struct symbol_table *tbl, if (quotes) nft_print(octx, "\""); - if (octx->numeric > NFT_NUMERIC_ALL) + if (nft_output_numeric_symbol(octx)) nft_print(octx, "%" PRIu64 "", val); else nft_print(octx, "%s", s->identifier); diff --git a/src/json.c b/src/json.c index 8a2bcd65..fc92d464 100644 --- a/src/json.c +++ b/src/json.c @@ -812,7 +812,7 @@ static json_t *symbolic_constant_json(const struct symbol_table *tbl, if (!s->identifier) return expr_basetype(expr)->json(expr, octx); - if (octx->numeric > NFT_NUMERIC_ALL) + if (nft_output_numeric_symbol(octx)) return json_integer(val); else return json_string(s->identifier); diff --git a/src/libnftables.c b/src/libnftables.c index 03c15fba..bd79cd60 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -312,17 +312,6 @@ void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry) ctx->check = dry; } -enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx) -{ - return ctx->output.numeric; -} - -void nft_ctx_output_set_numeric(struct nft_ctx *ctx, - enum nft_numeric_level level) -{ - ctx->output.numeric = level; -} - unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx) { return ctx->output.flags; diff --git a/src/main.c b/src/main.c index 883261fc..1f01a6c0 100644 --- a/src/main.c +++ b/src/main.c @@ -132,9 +132,7 @@ static void show_help(const char *name) " -i, --interactive Read input from interactive CLI\n" "\n" " -j, --json Format output in JSON\n" -" -n, --numeric When specified once, show network addresses numerically (default behaviour).\n" -" Specify twice to also show Internet services (port numbers) numerically.\n" -" Specify three times to also show protocols, user IDs, and group IDs numerically.\n" +" -n, --numeric Print fully numerical output.\n" " -s, --stateless Omit stateful information of ruleset.\n" " -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n" " -N Translate IP addresses to names.\n" @@ -189,7 +187,6 @@ static const struct { int main(int argc, char * const *argv) { char *buf = NULL, *filename = NULL; - enum nft_numeric_level numeric; unsigned int output_flags = 0; bool interactive = false; unsigned int debug_mask; @@ -229,14 +226,7 @@ int main(int argc, char * const *argv) } break; case OPT_NUMERIC: - numeric = nft_ctx_output_get_numeric(nft); - if (numeric == NFT_NUMERIC_ALL) { - fprintf(stderr, "Too many numeric options " - "used, max. %u\n", - NFT_NUMERIC_ALL); - exit(EXIT_FAILURE); - } - nft_ctx_output_set_numeric(nft, numeric + 1); + output_flags |= NFT_CTX_OUTPUT_NUMERIC_ALL; break; case OPT_STATELESS: output_flags |= NFT_CTX_OUTPUT_STATELESS; diff --git a/src/monitor.c b/src/monitor.c index b2267e1f..0e735ed5 100644 --- a/src/monitor.c +++ b/src/monitor.c @@ -835,11 +835,9 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type, } if (genid >= 0) { nft_mon_print(monh, "# new generation %d", genid); - if (pid >= 0) { - nft_mon_print(monh, " by process %d", pid); - if (!monh->ctx->nft->output.numeric) - nft_mon_print(monh, " (%s)", name); - } + if (pid >= 0) + nft_mon_print(monh, " by process %d (%s)", pid, name); + nft_mon_print(monh, "\n"); } diff --git a/tests/shell/testcases/netns/0001nft-f_0 b/tests/shell/testcases/netns/0001nft-f_0 index 64249826..83448087 100755 --- a/tests/shell/testcases/netns/0001nft-f_0 +++ b/tests/shell/testcases/netns/0001nft-f_0 @@ -90,7 +90,7 @@ if [ $? -ne 0 ] ; then exit 1 fi -KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)" +KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)" $IP netns del $NETNS_NAME if [ "$RULESET" != "$KERNEL_RULESET" ] ; then DIFF="$(which diff)" diff --git a/tests/shell/testcases/netns/0002loosecommands_0 b/tests/shell/testcases/netns/0002loosecommands_0 index 3910446a..e6278280 100755 --- a/tests/shell/testcases/netns/0002loosecommands_0 +++ b/tests/shell/testcases/netns/0002loosecommands_0 @@ -53,7 +53,7 @@ RULESET="table ip t { } }" -KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)" +KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)" $IP netns del $NETNS_NAME if [ "$RULESET" != "$KERNEL_RULESET" ] ; then DIFF="$(which diff)" diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0 index 5ec4b2e4..61ad37bd 100755 --- a/tests/shell/testcases/netns/0003many_0 +++ b/tests/shell/testcases/netns/0003many_0 @@ -94,7 +94,7 @@ function test_netns() exit 1 fi - KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)" + KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)" if [ "$RULESET" != "$KERNEL_RULESET" ] ; then echo "E: ruleset in netns $NETNS_NAME differs from the loaded" >&2 DIFF="$(which diff)" -- cgit v1.2.3