We keep printing layer 4 protocols as literals since we do not use /etc/protocols. Add -p option to print layer 4 protocols numerically.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v2: update documentation. Rename to NUMERIC_PROTO.
 doc/libnftables.adoc | 3 +++
 doc/nft.txt | 4 ++++
 include/nftables.h | 5 +++++
 include/nftables/libnftables.h | 1 +
 src/datatype.c | 2 +-
 src/main.c | 11 ++++++++++-
 6 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 67d9f261034c..dc3299f037df 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -91,6 +91,7 @@ enum {
 NFT_CTX_OUTPUT_JSON = (1 << 4),
 NFT_CTX_OUTPUT_ECHO = (1 << 5),
 NFT_CTX_OUTPUT_GUID = (1 << 6),
+ NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
 };
 ----
@@ -119,6 +120,8 @@ NFT_CTX_OUTPUT_GUID::
 The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
 The *nft_ctx_output_set_flags*() function sets the output flags setting in 'ctx' to the value of 'val'.
+NFT_CTX_OUTPUT_NUMERIC_PROTO::
+ Display layer 4 protocol numerically.
 === nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
 These functions allow control over value representation in library output.
diff --git a/doc/nft.txt b/doc/nft.txt
index 39527c4e8e55..4ef8c5b3506f 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -56,6 +56,10 @@ For a full summary of options, run *nft --help*.
 *--guid**::
 Translate numeric UID/GID to names as defined by /etc/passwd and /etc/group.
+*-p*::
+*--numeric-protocol**::
+ Display layer 4 protocol numerically.
+
 *-c*::
 *--check*::
 Check commands validity without actually applying the changes.
diff --git a/include/nftables.h b/include/nftables.h
index 57203dfcce3f..8f483bf84ff6 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -77,6 +77,11 @@ static inline bool nft_output_guid(const struct output_ctx *octx)
 return octx->flags & NFT_CTX_OUTPUT_GUID;
 }
+static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
+}
+
 struct nft_cache {
 uint16_t genid;
 struct list_head list;
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index ff7b47aa3160..74f2dabbd1d5 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -52,6 +52,7 @@ enum {
 NFT_CTX_OUTPUT_JSON = (1 << 4),
 NFT_CTX_OUTPUT_ECHO = (1 << 5),
 NFT_CTX_OUTPUT_GUID = (1 << 6),
+ NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
 };
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
diff --git a/src/datatype.c b/src/datatype.c
index 48eaca277757..bfb70a6ebb76 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -564,7 +564,7 @@ static void inet_protocol_type_print(const struct expr *expr,
 {
 struct protoent *p;
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (!nft_output_numeric_proto(octx)) {
 p = getprotobynumber(mpz_get_uint8(expr->value));
 if (p != NULL) {
 nft_print(octx, "%s", p->p_name);
diff --git a/src/main.c b/src/main.c
index 0c8fa1e9a108..70bde253495e 100644
--- a/src/main.c
+++ b/src/main.c
@@ -40,10 +40,11 @@ enum opt_vals {
 OPT_HANDLE_OUTPUT = 'a',
 OPT_ECHO = 'e',
 OPT_GUID = 'u',
+ OPT_NUMERIC_PROTO = 'p',
 OPT_INVALID = '?',
 };
-#define OPTSTRING "hvcf:iI:jvnsNaeSu"
+#define OPTSTRING "hvcf:iI:jvnsNaeSup"
 static const struct option options[] = {
 {
@@ -110,6 +111,10 @@ static const struct option options[] = {
 .val = OPT_GUID,
 },
 {
+ .name = "numeric-protocol",
+ .val = OPT_NUMERIC_PROTO,
+ },
+ {
 .name = NULL
 }
 };
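Review bot: In the src/datatype.c hunk, swapping `octx->numeric < NFT_NUMERIC_ALL` for `!nft_output_numeric_proto(octx)` means a numeric level of NFT_NUMERIC_ALL no longer suppresses the getprotobynumber() lookup in inet_protocol_type_print(), so existing callers that relied on that level for fully numeric listings will silently get names again unless they also set the new flag. The name returned by getprotobynumber() comes from the host's protocols database, so the same ruleset can then print differently across machines, which matters when listings are diffed, audited or replayed elsewhere. If the old behaviour is meant to stay, keep both conditions, `if (!nft_output_numeric_proto(octx) && octx->numeric < NFT_NUMERIC_ALL) {`, or have the option handling in src/main.c also set NFT_CTX_OUTPUT_NUMERIC_PROTO when that level is requested; if the decoupling is intended, it should be stated in doc/nft.txt next to the new option. The function body continues outside the hunk.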
@@ -135,6 +140,7 @@ static void show_help(const char *name)
 " -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
 " -N Translate IP addresses to names.\n"
 " -S, --service Translate ports to service names as described in /etc/services.\n"
+" -p, --numeric-protocol Print layer 4 protocols numerically.\n"
 " -a, --handle Output rule handle.\n"
 " -e, --echo Echo what has been added, inserted or replaced.\n"
 " -I, --includepath <directory> Add <directory> to the paths searched for include files. Default is: %s\n"
@@ -285,6 +291,9 @@ int main(int argc, char * const *argv)
 case OPT_GUID:
 output_flags |= NFT_CTX_OUTPUT_GUID;
 break;
+ case OPT_NUMERIC_PROTO:
+ output_flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
+ break;
 case OPT_INVALID:
 exit(EXIT_FAILURE);
 }
--
2.11.0