From 856789c1546c6356e9b61289db6c5c5f92213145 Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Sun, 9 Jun 2013 01:08:46 +0200
Subject: rule: display hook info

It was not possible to restore a ruleset because of missing
hook information. This patch adds hooknum output to list
operation.

[ Mangled this patch to use a string array mapping hook numbers
  and name --pablo ]

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/rule.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'src/rule.c')

diff --git a/src/rule.c b/src/rule.c
index e7627a7e..5a894cc9 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -19,6 +19,8 @@
 #include <rule.h>
 #include <utils.h>
 
+#include <netinet/ip.h>
+#include <linux/netfilter.h>
 
 void handle_free(struct handle *h)
 {
@@ -224,11 +226,32 @@ struct chain *chain_lookup(const struct table *table, const struct handle *h)
 	return NULL;
 }
 
+static const char *hooknum2str_array[NF_INET_NUMHOOKS] = {
+	[NF_INET_PRE_ROUTING]	= "NF_INET_PRE_ROUTING",
+	[NF_INET_LOCAL_IN]	= "NF_INET_LOCAL_IN",
+	[NF_INET_FORWARD]	= "NF_INET_FORWARD",
+	[NF_INET_LOCAL_OUT]	= "NF_INET_LOCAL_OUT",
+	[NF_INET_POST_ROUTING]	= "NF_INET_POST_ROUTING",
+};
+
+static const char *hooknum2str(unsigned int hooknum)
+{
+	if (hooknum >= NF_INET_NUMHOOKS)
+		return "UNKNOWN";
+
+	return hooknum2str_array[hooknum];
+}
+
 static void chain_print(const struct chain *chain)
 {
 	struct rule *rule;
 
 	printf("\tchain %s {\n", chain->handle.chain);
+	if (chain->hooknum) {
+		printf("\t\t hook %s %u;\n",
+		hooknum2str(chain->hooknum),
+		chain->priority);
+	}
 	list_for_each_entry(rule, &chain->rules, list) {
 		printf("\t\t");
 		rule_print(rule);
-- 
cgit v1.2.3