[PATCH nft 1/2,v2] src: add NFT_CTX_OUTPUT_NUMERIC_PROTO


 



We keep printing layer 4 protocols as literals since we do not use
/etc/protocols. This new flag allows us to print them as numbers.

libnftables internally uses this to print layer 4 protocol as numbers
when part of a range.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
This patch was "src: add -p to print layer 4 protocol numerically."

 doc/libnftables.adoc           | 3 +++
 include/nftables.h             | 5 +++++
 include/nftables/libnftables.h | 1 +
 src/datatype.c                 | 2 +-
 src/expression.c               | 1 +
 src/json.c                     | 3 ++-
 6 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 67d9f261034c..dc3299f037df 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -91,6 +91,7 @@ enum {
         NFT_CTX_OUTPUT_JSON        = (1 << 4),
         NFT_CTX_OUTPUT_ECHO        = (1 << 5),
         NFT_CTX_OUTPUT_GUID        = (1 << 6),
+        NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
 };
 ----
 
@@ -119,6 +120,8 @@ NFT_CTX_OUTPUT_GUID::
 The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
 
 The *nft_ctx_output_set_flags*() function sets the output flags setting in 'ctx' to the value of 'val'.
+NFT_CTX_OUTPUT_NUMERIC_PROTO::
+	Display layer 4 protocol numerically.
 
 === nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
 These functions allow control over value representation in library output.
diff --git a/include/nftables.h b/include/nftables.h
index 2dff07fef599..d0031e841134 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -63,6 +63,11 @@ static inline bool nft_output_guid(const struct output_ctx *octx)
 	return octx->flags & NFT_CTX_OUTPUT_GUID;
 }
 
+static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
+{
+	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
+}
+
 struct nft_cache {
 	uint16_t		genid;
 	struct list_head	list;
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index ff7b47aa3160..74f2dabbd1d5 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -52,6 +52,7 @@ enum {
 	NFT_CTX_OUTPUT_JSON		= (1 << 4),
 	NFT_CTX_OUTPUT_ECHO		= (1 << 5),
 	NFT_CTX_OUTPUT_GUID		= (1 << 6),
+	NFT_CTX_OUTPUT_NUMERIC_PROTO	= (1 << 7),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
diff --git a/src/datatype.c b/src/datatype.c
index 48eaca277757..bfb70a6ebb76 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -564,7 +564,7 @@ static void inet_protocol_type_print(const struct expr *expr,
 {
 	struct protoent *p;
 
-	if (octx->numeric < NFT_NUMERIC_ALL) {
+	if (!nft_output_numeric_proto(octx)) {
 		p = getprotobynumber(mpz_get_uint8(expr->value));
 		if (p != NULL) {
 			nft_print(octx, "%s", p->p_name);
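Review bot: The new condition `if (!nft_output_numeric_proto(octx))` no longer consults `octx->numeric`, so a caller that got numeric protocols by raising the numeric level to `NFT_NUMERIC_ALL` now gets the name returned by `getprotobynumber()` unless it also sets the new flag. That name comes from the host's protocols database, so ruleset output that is diffed or audited across machines can change without any change in the caller. If the old behaviour is meant to stay, the test could read `if (!nft_output_numeric_proto(octx) && octx->numeric < NFT_NUMERIC_ALL) {`; if the decoupling is intended (possibly completed in patch 2/2, which is not visible here), doc/libnftables.adoc should say so. The same replacement is made in inet_protocol_type_json() in src/json.c, and the function body continues outside this hunk.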
diff --git a/src/expression.c b/src/expression.c
index 25883ea771ef..5ff469c561d5 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -663,6 +663,7 @@ static void range_expr_print(const struct expr *expr, struct output_ctx *octx)
 	unsigned int flags = octx->flags;
 
 	octx->flags &= ~NFT_CTX_OUTPUT_SERVICE;
+	octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
 	expr_print(expr->left, octx);
 	nft_print(octx, "-");
 	expr_print(expr->right, octx);
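Review bot: The added `octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;` has no comment saying why range endpoints are forced to numeric. It is only safe if the saved `flags` is written back to `octx->flags` after the second `expr_print()`, and that restore is outside this hunk. A short comment above the two flag lines would help, for example `/* print both range endpoints numerically; octx->flags is restored from 'flags' below */`. The same line is added to range_expr_json() in src/json.c, where neither the save nor the restore of `octx->flags` is visible in the hunk. Please confirm that the restore there also clears the new bit, otherwise the flag would leak into everything printed after the first range.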
diff --git a/src/json.c b/src/json.c
index e90445fc9276..8a2bcd658bd8 100644
--- a/src/json.c
+++ b/src/json.c
@@ -448,6 +448,7 @@ json_t *range_expr_json(const struct expr *expr, struct output_ctx *octx)
 	json_t *root;
 
 	octx->flags &= ~NFT_CTX_OUTPUT_SERVICE;
+	octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
 	root = json_pack("{s:[o, o]}", "range",
 			 expr_print_json(expr->left, octx),
 			 expr_print_json(expr->right, octx));
@@ -961,7 +962,7 @@ json_t *inet_protocol_type_json(const struct expr *expr,
 {
 	struct protoent *p;
 
-	if (octx->numeric < NFT_NUMERIC_ALL) {
+	if (!nft_output_numeric_proto(octx)) {
 		p = getprotobynumber(mpz_get_uint8(expr->value));
 		if (p != NULL)
 			return json_string(p->p_name);
-- 
2.11.0



