[PATCH nft 2/5] src: add nft_ctx_output_{get,set}_stateless() to nft_ctx_output_{get,flags}_flags

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Add NFT_CTX_OUTPUT_STATELESS flag and enable stateless printing from new
output flags interface.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 doc/libnftables.adoc           | 17 +++--------------
 include/nftables/libnftables.h |  3 +--
 src/expression.c               |  2 +-
 src/json.c                     |  8 ++++----
 src/libnftables.c              | 10 ----------
 src/main.c                     |  2 +-
 src/statement.c                | 16 ++++++++--------
 7 files changed, 18 insertions(+), 40 deletions(-)

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 1c6ea0152d13..c837c2d251bc 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -25,9 +25,6 @@ enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx* '\*ctx'*);
 void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
 				enum nft_numeric_level* 'level'*);
 
-bool nft_ctx_output_get_stateless(struct nft_ctx* '\*ctx'*);
-void nft_ctx_output_set_stateless(struct nft_ctx* '\*ctx'*, bool* 'val'*);
-
 unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
 void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
 
@@ -98,6 +95,7 @@ The flags setting controls the output format.
 enum {
         NFT_CTX_OUTPUT_REVERSEDNS  = (1 << 0),
         NFT_CTX_OUTPUT_SERVICE     = (1 << 1),
+        NFT_CTX_OUTPUT_STATELESS   = (1 << 2),
 };
 ----
 
@@ -105,6 +103,8 @@ NFT_CTX_OUTPUT_REVERSEDNS::
 	Perform reverse DNS lookups are performed for IP addresses when printing. Note that this may add significant delay to *list* commands depending on DNS resolver speed.
 NFT_CTX_OUTPUT_SERVICE::
 	Print port numbers as services as described in the /etc/services file.
+NFT_CTX_OUTPUT_STATELESS::
+	If stateless output has been requested then stateful data is not printed. Stateful data refers to those objects that carry run-time data, eg. the *counter* statement holds packet and byte counter values, making it stateful.
 
 The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
 
@@ -141,17 +141,6 @@ The *nft_ctx_output_get_numeric*() function returns the numeric output setting's
 
 The *nft_ctx_output_set_numeric*() function sets the numeric output setting in 'ctx' to the value of 'level'.
 
-=== nft_ctx_output_get_stateless() and nft_ctx_output_set_stateless()
-In nftables, there are stateful objects, i.e. ruleset elements which carry run-time data.
-For example the *counter* statement holds packet and byte counter values, making it stateful.
-If stateless output has been requested, this data is omitted when printing ruleset elements.
-The default setting is *false*.
-
-
-The *nft_ctx_output_get_stateless*() function returns the stateless output setting's value in 'ctx'.
-
-The *nft_ctx_output_set_stateless*() function sets the stateless output setting in 'ctx' to the value of 'val'.
-
 === nft_ctx_output_get_debug() and nft_ctx_output_set_debug()
 Libnftables supports separate debugging of different parts of its internals.
 To facilitate this, debugging output is controlled via a bit mask.
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 321441b03ca8..4f1c10901b1b 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -47,6 +47,7 @@ void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry);
 enum {
 	NFT_CTX_OUTPUT_REVERSEDNS	= (1 << 0),
 	NFT_CTX_OUTPUT_SERVICE		= (1 << 1),
+	NFT_CTX_OUTPUT_STATELESS	= (1 << 2),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
@@ -54,8 +55,6 @@ void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags);
 
 enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
 void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
-bool nft_ctx_output_get_stateless(struct nft_ctx *ctx);
-void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val);
 unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
 void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
 bool nft_ctx_output_get_handle(struct nft_ctx *ctx);
diff --git a/src/expression.c b/src/expression.c
index 0bd5112287e7..0853c565a58e 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -1041,7 +1041,7 @@ static void set_elem_expr_print(const struct expr *expr,
 		nft_print(octx, " timeout ");
 		time_print(expr->timeout, octx);
 	}
-	if (!octx->stateless && expr->expiration) {
+	if (!(octx->flags & NFT_CTX_OUTPUT_STATELESS) && expr->expiration) {
 		nft_print(octx, " expires ");
 		time_print(expr->expiration, octx);
 	}
diff --git a/src/json.c b/src/json.c
index 2105c47f6643..7b91860f2386 100644
--- a/src/json.c
+++ b/src/json.c
@@ -1074,7 +1074,7 @@ json_t *quota_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
 
 	if (stmt->quota.flags & NFT_QUOTA_F_INV)
 		json_object_set_new(root, "inv", json_true());
-	if (!octx->stateless && stmt->quota.used) {
+	if (!(octx->flags & NFT_CTX_OUTPUT_STATELESS) && stmt->quota.used) {
 		data_unit = get_rate(stmt->quota.used, &bytes);
 		json_object_set_new(root, "used", json_integer(bytes));
 		json_object_set_new(root, "used_unit", json_string(data_unit));
@@ -1323,7 +1323,7 @@ json_t *reject_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
 
 json_t *counter_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
 {
-	if (octx->stateless)
+	if (octx->flags & NFT_CTX_OUTPUT_STATELESS)
 		return json_pack("{s:n}", "counter");
 
 	return json_pack("{s:{s:I, s:I}}", "counter",
@@ -1355,9 +1355,9 @@ json_t *meter_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
 {
 	json_t *root, *tmp;
 
-	octx->stateless++;
+	octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 	tmp = stmt_print_json(stmt->meter.stmt, octx);
-	octx->stateless--;
+	octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
 
 	root = json_pack("{s:o, s:o, s:i}",
 			 "key", expr_print_json(stmt->meter.key, octx),
diff --git a/src/libnftables.c b/src/libnftables.c
index 682335494d8a..a3abb21d0a7a 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -323,16 +323,6 @@ void nft_ctx_output_set_numeric(struct nft_ctx *ctx,
 	ctx->output.numeric = level;
 }
 
-bool nft_ctx_output_get_stateless(struct nft_ctx *ctx)
-{
-	return ctx->output.stateless;
-}
-
-void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val)
-{
-	ctx->output.stateless = val;
-}
-
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx)
 {
 	return ctx->output.flags;
diff --git a/src/main.c b/src/main.c
index 8dccf465be57..129ba7770e33 100644
--- a/src/main.c
+++ b/src/main.c
@@ -227,7 +227,7 @@ int main(int argc, char * const *argv)
 			nft_ctx_output_set_numeric(nft, numeric + 1);
 			break;
 		case OPT_STATELESS:
-			nft_ctx_output_set_stateless(nft, true);
+			output_flags |= NFT_CTX_OUTPUT_STATELESS;
 			break;
 		case OPT_IP2NAME:
 			output_flags |= NFT_CTX_OUTPUT_REVERSEDNS;
diff --git a/src/statement.c b/src/statement.c
index e50ac706402d..179399464192 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -121,9 +121,9 @@ static void meter_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 	expr_print(stmt->meter.key, octx);
 	nft_print(octx, " ");
 
-	octx->stateless++;
+	octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 	stmt_print(stmt->meter.stmt, octx);
-	octx->stateless--;
+	octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
 
 	nft_print(octx, "} ");
 
@@ -175,7 +175,7 @@ static void counter_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 {
 	nft_print(octx, "counter");
 
-	if (octx->stateless)
+	if (octx->flags & NFT_CTX_OUTPUT_STATELESS)
 		return;
 
 	nft_print(octx, " packets %" PRIu64 " bytes %" PRIu64,
@@ -463,7 +463,7 @@ static void quota_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 	nft_print(octx, "quota %s%" PRIu64 " %s",
 		  inv ? "over " : "", bytes, data_unit);
 
-	if (!octx->stateless && stmt->quota.used) {
+	if (!(octx->flags & NFT_CTX_OUTPUT_STATELESS) && stmt->quota.used) {
 		data_unit = get_rate(stmt->quota.used, &used);
 		nft_print(octx, " used %" PRIu64 " %s", used, data_unit);
 	}
@@ -637,9 +637,9 @@ static void set_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 	expr_print(stmt->set.key, octx);
 	if (stmt->set.stmt) {
 		nft_print(octx, " ");
-		octx->stateless++;
+		octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 		stmt_print(stmt->set.stmt, octx);
-		octx->stateless--;
+		octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
 	}
 	nft_print(octx, " }");
 }
@@ -671,9 +671,9 @@ static void map_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 	expr_print(stmt->map.key, octx);
 	if (stmt->map.stmt) {
 		nft_print(octx, " ");
-		octx->stateless++;
+		octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 		stmt_print(stmt->map.stmt, octx);
-		octx->stateless--;
+		octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
 	}
 	nft_print(octx, " : ");
 	expr_print(stmt->map.data, octx);
-- 
2.11.0
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux