[PATCH nft 2/2,v2] src: add -y to priority base chain nummerically


 



By default, base chain priorities are printed using the default hook priority
definitions. Add a -y option to print them as numbers.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v2: Rebase on top of "src: add NFT_CTX_OUTPUT_NUMERIC_PROTO"

 doc/libnftables.adoc           |  3 +++
 doc/nft.txt                    |  4 ++++
 include/nftables.h             |  5 +++++
 include/nftables/libnftables.h |  1 +
 src/main.c                     | 12 ++++++++++--
 src/rule.c                     | 20 ++++++++++----------
 6 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index dc3299f037df..788194396db1 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -92,6 +92,7 @@ enum {
         NFT_CTX_OUTPUT_ECHO        = (1 << 5),
         NFT_CTX_OUTPUT_GUID        = (1 << 6),
         NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
+        NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
 };
 ----
 
@@ -122,6 +123,8 @@ The *nft_ctx_output_get_flags*() function returns the output flags setting's val
 The *nft_ctx_output_set_flags*() function sets the output flags setting in 'ctx' to the value of 'val'.
 NFT_CTX_OUTPUT_NUMERIC_PROTO::
 	Display layer 4 protocol numerically.
+NFT_CTX_OUTPUT_NUMERIC_PRIO::
+	Display base chain priority numerically.
 
 === nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
 These functions allow control over value representation in library output.
diff --git a/doc/nft.txt b/doc/nft.txt
index 39527c4e8e55..99ac0e333a93 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -56,6 +56,10 @@ For a full summary of options, run *nft --help*.
 *--guid**::
 	Translate numeric UID/GID to names as defined by /etc/passwd and /etc/group.
 
+*-y*::
+*--numeric-priority**::
+	Display base chain priority numerically.
+
 *-c*::
 *--check*::
 	Check commands validity without actually applying the changes.
diff --git a/include/nftables.h b/include/nftables.h
index d0031e841134..51eaad3cbdf4 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -68,6 +68,11 @@ static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
 	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
 }
 
+static inline bool nft_output_numeric_priority(const struct output_ctx *octx)
+{
+	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO;
+}
+
 struct nft_cache {
 	uint16_t		genid;
 	struct list_head	list;
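Review bot: `nft_output_numeric_priority()` returns the masked value `octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO` directly as `bool`, and this is the first output flag above bit 7 (`1 << 8` in libnftables.h). The conversion is only correct if `bool` here is C99 `_Bool`, which this hunk does not show; with a char-sized typedef the value 256 would truncate to false. Writing `return !!(octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO);` makes the result independent of that. The existing `nft_output_numeric_proto()` helper uses the same form, so this is consistent with the file, but the new bit is where it would first matter.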
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 74f2dabbd1d5..fb81edc0df07 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -53,6 +53,7 @@ enum {
 	NFT_CTX_OUTPUT_ECHO		= (1 << 5),
 	NFT_CTX_OUTPUT_GUID		= (1 << 6),
 	NFT_CTX_OUTPUT_NUMERIC_PROTO	= (1 << 7),
+	NFT_CTX_OUTPUT_NUMERIC_PRIO     = (1 << 8),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
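Review bot: The added enumerator `NFT_CTX_OUTPUT_NUMERIC_PRIO     = (1 << 8),` is aligned with spaces, while the three neighbouring entries visible in this hunk use tabs before the `=`. Use tabs so the public header stays consistently formatted. The enum starts outside the hunk, so entries not shown here could not be checked.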
diff --git a/src/main.c b/src/main.c
index 0c8fa1e9a108..883261fc9d8b 100644
--- a/src/main.c
+++ b/src/main.c
@@ -40,10 +40,10 @@ enum opt_vals {
 	OPT_HANDLE_OUTPUT	= 'a',
 	OPT_ECHO		= 'e',
 	OPT_GUID		= 'u',
+	OPT_NUMERIC_PRIO	= 'y',
 	OPT_INVALID		= '?',
 };
-
-#define OPTSTRING	"hvcf:iI:jvnsNaeSu"
+#define OPTSTRING	"hvcf:iI:jvnsNaeSupy"
 
 static const struct option options[] = {
 	{
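Review bot: The new `OPTSTRING` gains `p` as well as `y` (`"hvcf:iI:jvnsNaeSupy"`), but nothing else in this patch defines or handles a `-p` option. Presumably this repairs an omission in the NUMERIC_PROTO patch this one is rebased on; if so, it belongs in that patch or should at least be mentioned in the description. If the switch in `main()` has no `case` for `p`, the option would be accepted and silently ignored. The hunk also drops the blank line between the closing brace of `enum opt_vals` and the `#define`; keeping it reads better.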
@@ -110,6 +110,10 @@ static const struct option options[] = {
 		.val		= OPT_GUID,
 	},
 	{
+		.name		= "numeric-priority",
+		.val		= OPT_NUMERIC_PRIO,
+	},
+	{
 		.name		= NULL
 	}
 };
@@ -135,6 +139,7 @@ static void show_help(const char *name)
 "  -u, --guid			Print UID/GID as defined in /etc/passwd and /etc/group.\n"
 "  -N				Translate IP addresses to names.\n"
 "  -S, --service			Translate ports to service names as described in /etc/services.\n"
+"  -y, --numeric-priority	Print chain priority numerically.\n"
 "  -a, --handle			Output rule handle.\n"
 "  -e, --echo			Echo what has been added, inserted or replaced.\n"
 "  -I, --includepath <directory>	Add <directory> to the paths searched for include files. Default is: %s\n"
@@ -285,6 +290,9 @@ int main(int argc, char * const *argv)
 		case OPT_GUID:
 			output_flags |= NFT_CTX_OUTPUT_GUID;
 			break;
+		case OPT_NUMERIC_PRIO:
+			output_flags |= NFT_CTX_OUTPUT_NUMERIC_PRIO;
+			break;
 		case OPT_INVALID:
 			exit(EXIT_FAILURE);
 		}
diff --git a/src/rule.c b/src/rule.c
index 33cbf0e2e9bb..cdf204cd4d8c 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -946,8 +946,9 @@ int std_prio_lookup(const char *std_prio_name, int family, int hook)
 	return NF_IP_PRI_LAST;
 }
 
-static const char *prio2str(char *buf, size_t bufsize, int family, int hook,
-			    int prio, int numeric)
+static const char *prio2str(const struct output_ctx *octx,
+			    char *buf, size_t bufsize, int family, int hook,
+			    int prio)
 {
 	const struct prio_tag *prio_arr;
 	const char *std_prio_str;
@@ -963,7 +964,7 @@ static const char *prio2str(char *buf, size_t bufsize, int family, int hook,
 		arr_size = array_size(std_prios);
 	}
 
-	if (numeric != NFT_NUMERIC_ALL) {
+	if (!nft_output_numeric_priority(octx)) {
 		for (i = 0; i < arr_size; ++i) {
 			std_prio = prio_arr[i].val;
 			std_prio_str = prio_arr[i].str;
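Review bot: Replacing `numeric != NFT_NUMERIC_ALL` with `!nft_output_numeric_priority(octx)` changes existing behaviour that the commit message does not mention. Callers that raised the numeric level to `NFT_NUMERIC_ALL` previously got numeric priorities and now get the symbolic form unless the new flag is set. Tooling that audits or diffs rulesets by parsing this output would see a different format without any error. Either state this in the description and doc/nft.txt, or, if backward compatibility is wanted, keep honouring the old level with `if (!nft_output_numeric_priority(octx) && octx->numeric != NFT_NUMERIC_ALL) {`. `prio2str()` starts and ends outside this hunk.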
@@ -1004,9 +1005,9 @@ static void chain_print_declaration(const struct chain *chain,
 		if (chain->dev != NULL)
 			nft_print(octx, " device %s", chain->dev);
 		nft_print(octx, " priority %s; policy %s;\n",
-			  prio2str(priobuf, sizeof(priobuf),
+			  prio2str(octx, priobuf, sizeof(priobuf),
 				   chain->handle.family, chain->hooknum,
-				   chain->priority.num, octx->numeric),
+				   chain->priority.num),
 			  chain_policy2str(chain->policy));
 	}
 }
@@ -1035,9 +1036,9 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx)
 	if (chain->flags & CHAIN_F_BASECHAIN) {
 		nft_print(octx, " { type %s hook %s priority %s; policy %s; }",
 			  chain->type, chain->hookstr,
-			  prio2str(priobuf, sizeof(priobuf),
+			  prio2str(octx, priobuf, sizeof(priobuf),
 				   chain->handle.family, chain->hooknum,
-				   chain->priority.num, octx->numeric),
+				   chain->priority.num),
 			  chain_policy2str(chain->policy));
 	}
 	if (nft_output_handle(octx))
@@ -1950,9 +1951,8 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
 	nft_print(octx, "%s%shook %s priority %s%s",
 		  opts->tab, opts->tab,
 		  hooknum2str(NFPROTO_NETDEV, flowtable->hooknum),
-		  prio2str(priobuf, sizeof(priobuf), NFPROTO_NETDEV,
-			   flowtable->hooknum, flowtable->priority.num,
-			   octx->numeric),
+		  prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV,
+			   flowtable->hooknum, flowtable->priority.num),
 		  opts->stmt_separator);
 
 	nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);
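Review bot: The flowtable declaration now also follows the new flag through `prio2str(octx, ...)`, but the documentation added in this patch describes the option only as "base chain priority". Suggest wording such as `Display base chain and flowtable priority numerically.` in doc/nft.txt and doc/libnftables.adoc so the documented scope matches the code. `flowtable_print_declaration()` extends beyond this hunk.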
-- 
2.11.0



