Re: [PATCH 1/2 nft,v2] src: add -p to print layer 4 protocol numerically


 



Hi Phil,

I would probably hold back this patch, it's too fine-grained. Instead I
would turn -n into 'display everything numerically' after this
patchset.

Hence, we have the fine grain toggles for stateless, reverse dns,
service, guid and chain priority. Then the global toggles to turn
everything into numeric.

That should be enough by now I think.

Let me know, thanks.

On Mon, Oct 29, 2018 at 02:39:51PM +0100, Pablo Neira Ayuso wrote:
> We keep printing layer 4 protocols as literals since we do not use
> /etc/protocols. Add -p option to print layer 4 protocols numerically.
> 
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> v2: update documentation.
>     Rename to NUMERIC_PROTO.
> 
>  doc/libnftables.adoc           |  3 +++
>  doc/nft.txt                    |  4 ++++
>  include/nftables.h             |  5 +++++
>  include/nftables/libnftables.h |  1 +
>  src/datatype.c                 |  2 +-
>  src/main.c                     | 11 ++++++++++-
>  6 files changed, 24 insertions(+), 2 deletions(-)
> 
> diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
> index 67d9f261034c..dc3299f037df 100644
> --- a/doc/libnftables.adoc
> +++ b/doc/libnftables.adoc
> @@ -91,6 +91,7 @@ enum {
>          NFT_CTX_OUTPUT_JSON        = (1 << 4),
>          NFT_CTX_OUTPUT_ECHO        = (1 << 5),
>          NFT_CTX_OUTPUT_GUID        = (1 << 6),
> +        NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
>  };
>  ----
>  
> @@ -119,6 +120,8 @@ NFT_CTX_OUTPUT_GUID::
>  The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
>  
>  The *nft_ctx_output_set_flags*() function sets the output flags setting in 'ctx' to the value of 'val'.
> +NFT_CTX_OUTPUT_NUMERIC_PROTO::
> +	Display layer 4 protocol numerically.
>  
>  === nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
>  These functions allow control over value representation in library output.
> diff --git a/doc/nft.txt b/doc/nft.txt
> index 39527c4e8e55..4ef8c5b3506f 100644
> --- a/doc/nft.txt
> +++ b/doc/nft.txt
> @@ -56,6 +56,10 @@ For a full summary of options, run *nft --help*.
>  *--guid**::
>  	Translate numeric UID/GID to names as defined by /etc/passwd and /etc/group.
>  
> +*-p*::
> +*--numeric-protocol**::
> +	Display layer 4 protocol numerically.
> +
>  *-c*::
>  *--check*::
>  	Check commands validity without actually applying the changes.
> diff --git a/include/nftables.h b/include/nftables.h
> index 57203dfcce3f..8f483bf84ff6 100644
> --- a/include/nftables.h
> +++ b/include/nftables.h
> @@ -77,6 +77,11 @@ static inline bool nft_output_guid(const struct output_ctx *octx)
>  	return octx->flags & NFT_CTX_OUTPUT_GUID;
>  }
>  
> +static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
> +{
> +	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
> +}
> +
>  struct nft_cache {
>  	uint16_t		genid;
>  	struct list_head	list;
> diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
> index ff7b47aa3160..74f2dabbd1d5 100644
> --- a/include/nftables/libnftables.h
> +++ b/include/nftables/libnftables.h
> @@ -52,6 +52,7 @@ enum {
>  	NFT_CTX_OUTPUT_JSON		= (1 << 4),
>  	NFT_CTX_OUTPUT_ECHO		= (1 << 5),
>  	NFT_CTX_OUTPUT_GUID		= (1 << 6),
> +	NFT_CTX_OUTPUT_NUMERIC_PROTO	= (1 << 7),
>  };
>  
>  unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
> diff --git a/src/datatype.c b/src/datatype.c
> index 48eaca277757..bfb70a6ebb76 100644
> --- a/src/datatype.c
> +++ b/src/datatype.c
> @@ -564,7 +564,7 @@ static void inet_protocol_type_print(const struct expr *expr,
>  {
>  	struct protoent *p;
>  
> -	if (octx->numeric < NFT_NUMERIC_ALL) {
> +	if (!nft_output_numeric_proto(octx)) {
>  		p = getprotobynumber(mpz_get_uint8(expr->value));
>  		if (p != NULL) {
>  			nft_print(octx, "%s", p->p_name);
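Review bot: With the condition in inet_protocol_type_print() switched from `octx->numeric < NFT_NUMERIC_ALL` to `!nft_output_numeric_proto(octx)`, the existing numeric level no longer suppresses the getprotobynumber() lookup, so output that was numeric at the highest -n level would print names again unless the -n handling (not visible in these hunks) also sets NFT_CTX_OUTPUT_NUMERIC_PROTO. Name output depends on the host's protocols database, which matters for ruleset dumps that are diffed or audited across machines; keeping the old level as an alias would avoid the regression, e.g. `if (!nft_output_numeric_proto(octx) && octx->numeric < NFT_NUMERIC_ALL) {`. The commit message says /etc/protocols is not used, yet this path still calls getprotobynumber(), which normally consults that database through NSS, so the description is worth rewording. The function body continues past the end of the hunk.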
> diff --git a/src/main.c b/src/main.c
> index 0c8fa1e9a108..70bde253495e 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -40,10 +40,11 @@ enum opt_vals {
>  	OPT_HANDLE_OUTPUT	= 'a',
>  	OPT_ECHO		= 'e',
>  	OPT_GUID		= 'u',
> +	OPT_NUMERIC_PROTO	= 'p',
>  	OPT_INVALID		= '?',
>  };
>  
> -#define OPTSTRING	"hvcf:iI:jvnsNaeSu"
> +#define OPTSTRING	"hvcf:iI:jvnsNaeSup"
>  
>  static const struct option options[] = {
>  	{
> @@ -110,6 +111,10 @@ static const struct option options[] = {
>  		.val		= OPT_GUID,
>  	},
>  	{
> +		.name		= "numeric-protocol",
> +		.val		= OPT_NUMERIC_PROTO,
> +	},
> +	{
>  		.name		= NULL
>  	}
>  };
> @@ -135,6 +140,7 @@ static void show_help(const char *name)
>  "  -u, --guid			Print UID/GID as defined in /etc/passwd and /etc/group.\n"
>  "  -N				Translate IP addresses to names.\n"
>  "  -S, --service			Translate ports to service names as described in /etc/services.\n"
> +"  -p, --numeric-protocol	Print layer 4 protocols numerically.\n"
>  "  -a, --handle			Output rule handle.\n"
>  "  -e, --echo			Echo what has been added, inserted or replaced.\n"
>  "  -I, --includepath <directory>	Add <directory> to the paths searched for include files. Default is: %s\n"
> @@ -285,6 +291,9 @@ int main(int argc, char * const *argv)
>  		case OPT_GUID:
>  			output_flags |= NFT_CTX_OUTPUT_GUID;
>  			break;
> +		case OPT_NUMERIC_PROTO:
> +			output_flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
> +			break;
>  		case OPT_INVALID:
>  			exit(EXIT_FAILURE);
>  		}
> -- 
> 2.11.0
> 


