From a42d2865bc7e96fe63276e22acd523d996aaf0a4 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 24 Oct 2018 17:37:47 +0200 Subject: src: Revert --literal, add -S/--service This is a partial revert of b0f6a45b25dd1 ("src: add --literal option") which was added during the development cycle before 0.9.1 is released. After looking at patch: https://patchwork.ozlabs.org/patch/969864/ that allows to print priority, uid, gid and protocols as numerics, I decided to revisit this to provide individual options to turn on literal printing. What I'm proposing is to provide a good default for everyone, and provide options to turn on literal/numeric printing. This patch adds nft_ctx_output_{set,get}_flags() and define two flags to enable reverse DNS lookups and to print ports as service names. This patch introduces -S/--services, to print service names as per /etc/services. Acked-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- include/nftables.h | 12 +++++++++++- include/nftables/libnftables.h | 17 +++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/nftables.h b/include/nftables.h index 1009e266..86b44f17 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -16,9 +16,9 @@ struct cookie { }; struct output_ctx { + unsigned int flags; unsigned int numeric; unsigned int stateless; - unsigned int literal; unsigned int handle; unsigned int echo; unsigned int json; @@ -32,6 +32,16 @@ struct output_ctx { }; }; +static inline bool nft_output_reversedns(const struct output_ctx *octx) +{ + return octx->flags & NFT_CTX_OUTPUT_REVERSEDNS; +} + +static inline bool nft_output_service(const struct output_ctx *octx) +{ + return octx->flags & NFT_CTX_OUTPUT_SERVICE; +} + struct nft_cache { uint16_t genid; struct list_head list; diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h index dee099f2..321441b0 100644 --- a/include/nftables/libnftables.h +++ b/include/nftables/libnftables.h @@ -33,12 +33,6 @@ enum nft_numeric_level { NFT_NUMERIC_ALL, }; -enum nft_literal_level { - NFT_LITERAL_NONE, - NFT_LITERAL_PORT, - NFT_LITERAL_ADDR, -}; - /** * Possible flags to pass to nft_ctx_new() */ @@ -49,12 +43,19 @@ void nft_ctx_free(struct nft_ctx *ctx); bool nft_ctx_get_dry_run(struct nft_ctx *ctx); void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry); + +enum { + NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0), + NFT_CTX_OUTPUT_SERVICE = (1 << 1), +}; + +unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx); +void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags); + enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx); void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level); bool nft_ctx_output_get_stateless(struct nft_ctx *ctx); void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val); -enum nft_literal_level nft_ctx_output_get_literal(struct nft_ctx *ctx); -void nft_ctx_output_set_literal(struct nft_ctx *ctx, enum nft_literal_level val); unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx); void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask); bool nft_ctx_output_get_handle(struct nft_ctx *ctx); -- cgit v1.2.3