Re: [PATCH nft] src: add -p to print layer 4 protocol numerically

On Mon, Oct 29, 2018 at 05:46:29PM +0100, Phil Sutter wrote:
> Hi,
> 
> On Mon, Oct 29, 2018 at 02:10:27PM +0100, Pablo Neira Ayuso wrote:
> > We keep printing layer 4 protocols as literals since we do not use
> > /etc/protocols. Add -p option to print layer 4 protocols numerically.
> > 
> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> 
> Acked-by: Phil Sutter <phil@xxxxxx>
> 
> One question:
> 
> [...]
> > diff --git a/src/datatype.c b/src/datatype.c
> > index 48eaca277757..2e957e60bb71 100644
> > --- a/src/datatype.c
> > +++ b/src/datatype.c
> > @@ -564,7 +564,7 @@ static void inet_protocol_type_print(const struct expr *expr,
> >  {
> >  	struct protoent *p;
> >  
> > -	if (octx->numeric < NFT_NUMERIC_ALL) {
> > +	if (!nft_output_numeric_protocol(octx)) {
> >  		p = getprotobynumber(mpz_get_uint8(expr->value));
> >  		if (p != NULL) {
> >  			nft_print(octx, "%s", p->p_name);
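
Review bot: The new condition in inet_protocol_type_print() no longer looks at octx->numeric, so a caller that used to force numeric protocol output by raising octx->numeric past NFT_NUMERIC_ALL now gets the getprotobynumber() name again, unless it also changes whatever nft_output_numeric_protocol() tests. The helper's definition is not part of this hunk, so that cannot be confirmed from here. Please audit the callers that relied on the old numeric level, and state in the commit message whether output for the existing numeric levels changes.
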
> 
> In range_expression_print(), we did:
> 
> | octx->numeric += NFT_NUMERIC_ALL + 1
> 
> to avoid confusion with names containing dashes. I see that now the same
> function just removes NFT_CTX_OUTPUT_SERVICE bit instead. Is that
> sufficient? I guess users could still turn on reverse DNS while listing
> interval sets with IP addresses, right?

Right, reverse DNS listing was broken before this patch, we should
disable it too. Sending a patch for this.


