[PATCH nft 3/5] src: add nft_ctx_output_{get,set}_handle() to nft_ctx_output_{get,set}_flags


 



Add the NFT_CTX_OUTPUT_HANDLE flag to the new output flags interface; when
set, the handles that uniquely identify objects are printed.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 doc/libnftables.adoc           | 17 +++--------------
 include/nftables/libnftables.h |  3 +--
 src/libnftables.c              | 10 ----------
 src/main.c                     |  2 +-
 src/rule.c                     | 22 +++++++++++-----------
 5 files changed, 16 insertions(+), 38 deletions(-)

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index c837c2d251bc..8b7aee9af134 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -28,9 +28,6 @@ void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
 unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
 void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
 
-bool nft_ctx_output_get_handle(struct nft_ctx* '\*ctx'*);
-void nft_ctx_output_set_handle(struct nft_ctx* '\*ctx'*, bool* 'val'*);
-
 bool nft_ctx_output_get_echo(struct nft_ctx* '\*ctx'*);
 void nft_ctx_output_set_echo(struct nft_ctx* '\*ctx'*, bool* 'val'*);
 
@@ -96,6 +93,7 @@ enum {
         NFT_CTX_OUTPUT_REVERSEDNS  = (1 << 0),
         NFT_CTX_OUTPUT_SERVICE     = (1 << 1),
         NFT_CTX_OUTPUT_STATELESS   = (1 << 2),
+        NFT_CTX_OUTPUT_HANDLE      = (1 << 3),
 };
 ----
 
@@ -105,6 +103,8 @@ NFT_CTX_OUTPUT_SERVICE::
 	Print port numbers as services as described in the /etc/services file.
 NFT_CTX_OUTPUT_STATELESS::
 	If stateless output has been requested then stateful data is not printed. Stateful data refers to those objects that carry run-time data, eg. the *counter* statement holds packet and byte counter values, making it stateful.
+NFT_CTX_OUTPUT_HANDLE::
+	Upon insertion into the ruleset, some elements are assigned a unique handle for identification purposes. For example, when deleting a table or chain, it may be identified either by name or handle. Rules on the other hand must be deleted by handle because there is no other way to uniquely identify them. These functions allow to control whether ruleset listings should include handles or not.
 
 The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
 
@@ -177,17 +177,6 @@ The *nft_ctx_output_get_debug*() function returns the debug output setting's val
 
 The *nft_ctx_output_set_debug*() function sets the debug output setting in 'ctx' to the value of 'mask'.
 
-=== nft_ctx_output_get_handle() and nft_ctx_output_set_handle()
-Upon insertion into the ruleset, some elements are assigned a unique handle for identification purposes.
-For example, when deleting a table or chain, it may be identified either by name or handle.
-Rules on the other hand must be deleted by handle because there is no other way to uniquely identify them.
-These functions allow to control whether ruleset listings should include handles or not.
-The default setting is *false*.
-
-The *nft_ctx_output_get_handle*() function returns the handle output setting's value in 'ctx'.
-
-The *nft_ctx_output_set_handle*() function sets the handle output setting in 'ctx' to the value of 'val'.
-
 === nft_ctx_output_get_echo() and nft_ctx_output_set_echo()
 The echo setting makes libnftables print the changes once they are committed to the kernel, just like a running instance of *nft monitor* would.
 Amongst other things, this allows to retrieve an added rule's handle atomically.
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 4f1c10901b1b..a6ce938305c3 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -48,6 +48,7 @@ enum {
 	NFT_CTX_OUTPUT_REVERSEDNS	= (1 << 0),
 	NFT_CTX_OUTPUT_SERVICE		= (1 << 1),
 	NFT_CTX_OUTPUT_STATELESS	= (1 << 2),
+	NFT_CTX_OUTPUT_HANDLE		= (1 << 3),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
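Review bot: The new `NFT_CTX_OUTPUT_HANDLE` enumerator carries no comment, while the next hunk of this header removes `nft_ctx_output_get_handle()` and `nft_ctx_output_set_handle()` from the public API, so external callers get no pointer to the replacement. A one-line comment above the enumerator, such as `/* print object handles; replaces nft_ctx_output_{get,set}_handle() */`, would cover it. Callers that migrate should presumably OR the bit into the current mask, `nft_ctx_output_set_flags(ctx, nft_ctx_output_get_flags(ctx) | NFT_CTX_OUTPUT_HANDLE);`, since the setter's body is not in this patch and passing the bit alone may clear the other output flags. Dropping exported functions also changes the library's ABI; whether the symbol map or soname needs a matching update cannot be seen from this diff.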
@@ -57,8 +58,6 @@ enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
 void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
 unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
 void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
-bool nft_ctx_output_get_handle(struct nft_ctx *ctx);
-void nft_ctx_output_set_handle(struct nft_ctx *ctx, bool val);
 bool nft_ctx_output_get_echo(struct nft_ctx *ctx);
 void nft_ctx_output_set_echo(struct nft_ctx *ctx, bool val);
 bool nft_ctx_output_get_json(struct nft_ctx *ctx);
diff --git a/src/libnftables.c b/src/libnftables.c
index a3abb21d0a7a..91f51356d351 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -342,16 +342,6 @@ void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask)
 	ctx->debug_mask = mask;
 }
 
-bool nft_ctx_output_get_handle(struct nft_ctx *ctx)
-{
-	return ctx->output.handle;
-}
-
-void nft_ctx_output_set_handle(struct nft_ctx *ctx, bool val)
-{
-	ctx->output.handle = val;
-}
-
 bool nft_ctx_output_get_echo(struct nft_ctx *ctx)
 {
 	return ctx->output.echo;
diff --git a/src/main.c b/src/main.c
index 129ba7770e33..437fea71b534 100644
--- a/src/main.c
+++ b/src/main.c
@@ -265,7 +265,7 @@ int main(int argc, char * const *argv)
 			nft_ctx_output_set_debug(nft, debug_mask);
 			break;
 		case OPT_HANDLE_OUTPUT:
-			nft_ctx_output_set_handle(nft, true);
+			output_flags |= NFT_CTX_OUTPUT_HANDLE;
 			break;
 		case OPT_ECHO:
 			nft_ctx_output_set_echo(nft, true);
diff --git a/src/rule.c b/src/rule.c
index 63da3306db3b..779a10a77721 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -412,7 +412,7 @@ static void set_print_declaration(const struct set *set,
 
 	nft_print(octx, " %s {", set->handle.set.name);
 
-	if (octx->handle > 0)
+	if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 		nft_print(octx, " # handle %" PRIu64, set->handle.handle.id);
 	nft_print(octx, "%s", opts->nl);
 	nft_print(octx, "%s%stype %s",
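Review bot: Every `octx->handle > 0` test in this file now reads `octx->flags`, but the diffstat lists no header that would drop the `handle` member from the output context, so the member apparently stays while nothing visible sets it any more. Any reader outside these five files that still checks `octx->handle` would then silently stop printing handles, which matters because the documentation in this patch says rules must be deleted by handle; searching for remaining users of that member before merging would confirm. The same two-line test is repeated in rule_print, chain_print_declaration, chain_print_plain, table_print and six cases of obj_print_data, so a small predicate such as `static inline bool nft_output_handle(const struct output_ctx *octx) { return octx->flags & NFT_CTX_OUTPUT_HANDLE; }` would keep the call sites in step. set_print_declaration's body continues outside this hunk.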
@@ -567,7 +567,7 @@ void rule_print(const struct rule *rule, struct output_ctx *octx)
 	if (rule->comment)
 		nft_print(octx, " comment \"%s\"", rule->comment);
 
-	if (octx->handle > 0)
+	if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 		nft_print(octx, " # handle %" PRIu64, rule->handle.handle.id);
 }
 
@@ -995,7 +995,7 @@ static void chain_print_declaration(const struct chain *chain,
 	char priobuf[STD_PRIO_BUFSIZE];
 
 	nft_print(octx, "\tchain %s {", chain->handle.chain.name);
-	if (octx->handle > 0)
+	if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 		nft_print(octx, " # handle %" PRIu64, chain->handle.handle.id);
 	nft_print(octx, "\n");
 	if (chain->flags & CHAIN_F_BASECHAIN) {
@@ -1040,7 +1040,7 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx)
 				   chain->priority.num, octx->numeric),
 			  chain_policy2str(chain->policy));
 	}
-	if (octx->handle > 0)
+	if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 		nft_print(octx, " # handle %" PRIu64, chain->handle.handle.id);
 }
 
@@ -1137,7 +1137,7 @@ static void table_print(const struct table *table, struct output_ctx *octx)
 	const char *family = family2str(table->handle.family);
 
 	nft_print(octx, "table %s %s {", family, table->handle.table.name);
-	if (octx->handle > 0)
+	if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 		nft_print(octx, " # handle %" PRIu64, table->handle.handle.id);
 	nft_print(octx, "\n");
 	table_print_options(table, &delim, octx);
@@ -1680,7 +1680,7 @@ static void obj_print_data(const struct obj *obj,
 	switch (obj->type) {
 	case NFT_OBJECT_COUNTER:
 		nft_print(octx, " %s {", obj->handle.obj.name);
-		if (octx->handle > 0)
+		if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 			nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
 		nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
 		if (octx->stateless) {
@@ -1695,7 +1695,7 @@ static void obj_print_data(const struct obj *obj,
 		uint64_t bytes;
 
 		nft_print(octx, " %s {", obj->handle.obj.name);
-		if (octx->handle > 0)
+		if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 			nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
 		nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
 		data_unit = get_rate(obj->quota.bytes, &bytes);
@@ -1712,14 +1712,14 @@ static void obj_print_data(const struct obj *obj,
 		break;
 	case NFT_OBJECT_SECMARK:
 		nft_print(octx, " %s {", obj->handle.obj.name);
-		if (octx->handle > 0)
+		if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 			nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
 		nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
 		nft_print(octx, "%s", obj->secmark.ctx);
 		break;
 	case NFT_OBJECT_CT_HELPER:
 		nft_print(octx, " %s {", obj->handle.obj.name);
-		if (octx->handle > 0)
+		if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 			nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
 		nft_print(octx, "%s", opts->nl);
 		nft_print(octx, "%s%stype \"%s\" protocol ",
@@ -1733,7 +1733,7 @@ static void obj_print_data(const struct obj *obj,
 		break;
 	case NFT_OBJECT_CT_TIMEOUT:
 		nft_print(octx, " %s {", obj->handle.obj.name);
-		if (octx->handle > 0)
+		if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 			nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
 		nft_print(octx, "%s", opts->nl);
 		nft_print(octx, "%s%sprotocol ", opts->tab, opts->tab);
@@ -1752,7 +1752,7 @@ static void obj_print_data(const struct obj *obj,
 		uint64_t rate;
 
 		nft_print(octx, " %s {", obj->handle.obj.name);
-		if (octx->handle > 0)
+		if (octx->flags & NFT_CTX_OUTPUT_HANDLE)
 			nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
 		nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
 		switch (obj->limit.type) {
-- 
2.11.0



