@Phil, thinking here we could probably get rid of
NFT_CTX_OUTPUT_NUMERIC_PROTO, since it is contained already in
NFT_CTX_OUTPUT_NUMERIC_SYMBOL.
There's no option for -p anymore, so we could simply things a bit
before.
On Mon, Oct 29, 2018 at 04:03:32PM +0100, Pablo Neira Ayuso wrote:
> This patch adds NFT_CTX_OUTPUT_NUMERIC_SYMBOL, which replaces the last
> client of the numeric level approach.
>
> This patch updates `-n' option semantics to display all output
> numerically.
>
> Note that monitor code was still using the -n option to skip printing
> the process name, this patch updates that path too to print it
> inconditionally to simplify things.
>
> Given the numeric levels have no more clients after this patch, remove
> that code.
>
> Update several tests/shell not to use -nn.
>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> @Phil: I think it should be possible to evaluate numerical through flags
> in case this interface needs to remain in place for nftables.py
> interface. I did not update tests/py/ bits, I cannot run that
> until python infrastructure gets in sync with this patchset, no rush
> just a side note.
>
> doc/libnftables.adoc | 35 -------------------------
> include/nftables.h | 6 ++++-
> include/nftables/libnftables.h | 10 +------
> src/datatype.c | 2 +-
> src/json.c | 2 +-
> src/libnftables.c | 11 --------
> src/main.c | 26 +++++++++---------
> src/monitor.c | 8 +++---
> tests/shell/testcases/netns/0001nft-f_0 | 2 +-
> tests/shell/testcases/netns/0002loosecommands_0 | 2 +-
> tests/shell/testcases/netns/0003many_0 | 2 +-
> 11 files changed, 27 insertions(+), 79 deletions(-)
>
> diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
> index 788194396db1..52b8fb0ca5a1 100644
> --- a/doc/libnftables.adoc
> +++ b/doc/libnftables.adoc
> @@ -21,10 +21,6 @@ void nft_ctx_set_dry_run(struct nft_ctx* '\*ctx'*, bool* 'dry'*);
> unsigned int nft_ctx_output_get_flags(struct nft_ctx* '\*ctx'*);
> void nft_ctx_output_set_flags(struct nft_ctx* '\*ctx'*, unsigned int* 'flags'*);
>
> -enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx* '\*ctx'*);
> -void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
> - enum nft_numeric_level* 'level'*);
> -
> unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
> void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
>
> @@ -126,37 +122,6 @@ NFT_CTX_OUTPUT_NUMERIC_PROTO::
> NFT_CTX_OUTPUT_NUMERIC_PRIO::
> Display base chain priority numerically.
>
> -=== nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
> -These functions allow control over value representation in library output.
> -For instance, port numbers by default are printed by their name (as listed in '/etc/services' file), if known.
> -In libnftables, numeric output is leveled, defined as such:
> -
> -----
> -enum nft_numeric_level {
> - NFT_NUMERIC_NONE,
> - NFT_NUMERIC_ADDR,
> - NFT_NUMERIC_PORT,
> - NFT_NUMERIC_ALL,
> -};
> -----
> -
> -Each numeric level includes all previous ones:
> -
> -NFT_NUMERIC_NONE::
> - No conversion into numeric format happens, this is the default.
> -NFT_NUMERIC_ADDR::
> - Network addresses are always converted into numeric format.
> -NFT_NUMERIC_PORT::
> - Network services are always converted into numeric format.
> -NFT_NUMERIC_ALL::
> - Everything is converted into numeric format.
> -
> -The default numeric level is *NFT_NUMERIC_NONE*.
> -
> -The *nft_ctx_output_get_numeric*() function returns the numeric output setting's value contained in 'ctx'.
> -
> -The *nft_ctx_output_set_numeric*() function sets the numeric output setting in 'ctx' to the value of 'level'.
> -
> === nft_ctx_output_get_debug() and nft_ctx_output_set_debug()
> Libnftables supports separate debugging of different parts of its internals.
> To facilitate this, debugging output is controlled via a bit mask.
> diff --git a/include/nftables.h b/include/nftables.h
> index a4d01e0cddea..5c0292615b3f 100644
> --- a/include/nftables.h
> +++ b/include/nftables.h
> @@ -17,7 +17,6 @@ struct cookie {
>
> struct output_ctx {
> unsigned int flags;
> - unsigned int numeric;
> union {
> FILE *output_fp;
> struct cookie output_cookie;
> @@ -73,6 +72,11 @@ static inline bool nft_output_numeric_prio(const struct output_ctx *octx)
> return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO;
> }
>
> +static inline bool nft_output_numeric_symbol(const struct output_ctx *octx)
> +{
> + return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
> +}
> +
> struct nft_cache {
> uint16_t genid;
> struct list_head list;
> diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
> index fb81edc0df07..82b4181de0cc 100644
> --- a/include/nftables/libnftables.h
> +++ b/include/nftables/libnftables.h
> @@ -26,13 +26,6 @@ enum nft_debug_level {
> NFT_DEBUG_SEGTREE = 0x40,
> };
>
> -enum nft_numeric_level {
> - NFT_NUMERIC_NONE,
> - NFT_NUMERIC_ADDR,
> - NFT_NUMERIC_PORT,
> - NFT_NUMERIC_ALL,
> -};
> -
> /**
> * Possible flags to pass to nft_ctx_new()
> */
> @@ -54,13 +47,12 @@ enum {
> NFT_CTX_OUTPUT_GUID = (1 << 6),
> NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
> NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
> + NFT_CTX_OUTPUT_NUMERIC_SYMBOL = (1 << 9),
> };
>
> unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
> void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags);
>
> -enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
> -void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
> unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
> void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
>
> diff --git a/src/datatype.c b/src/datatype.c
> index bfb70a6ebb76..6af1c84350d1 100644
> --- a/src/datatype.c
> +++ b/src/datatype.c
> @@ -196,7 +196,7 @@ void symbolic_constant_print(const struct symbol_table *tbl,
> if (quotes)
> nft_print(octx, "\"");
>
> - if (octx->numeric > NFT_NUMERIC_ALL)
> + if (nft_output_numeric_symbol(octx))
> nft_print(octx, "%" PRIu64 "", val);
> else
> nft_print(octx, "%s", s->identifier);
> diff --git a/src/json.c b/src/json.c
> index 8a2bcd658bd8..fc92d4641fcf 100644
> --- a/src/json.c
> +++ b/src/json.c
> @@ -812,7 +812,7 @@ static json_t *symbolic_constant_json(const struct symbol_table *tbl,
> if (!s->identifier)
> return expr_basetype(expr)->json(expr, octx);
>
> - if (octx->numeric > NFT_NUMERIC_ALL)
> + if (nft_output_numeric_symbol(octx))
> return json_integer(val);
> else
> return json_string(s->identifier);
> diff --git a/src/libnftables.c b/src/libnftables.c
> index 03c15fbaf7e5..bd79cd6091d2 100644
> --- a/src/libnftables.c
> +++ b/src/libnftables.c
> @@ -312,17 +312,6 @@ void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry)
> ctx->check = dry;
> }
>
> -enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx)
> -{
> - return ctx->output.numeric;
> -}
> -
> -void nft_ctx_output_set_numeric(struct nft_ctx *ctx,
> - enum nft_numeric_level level)
> -{
> - ctx->output.numeric = level;
> -}
> -
> unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx)
> {
> return ctx->output.flags;
> diff --git a/src/main.c b/src/main.c
> index 883261fc9d8b..952ce356490f 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -132,9 +132,7 @@ static void show_help(const char *name)
> " -i, --interactive Read input from interactive CLI\n"
> "\n"
> " -j, --json Format output in JSON\n"
> -" -n, --numeric When specified once, show network addresses numerically (default behaviour).\n"
> -" Specify twice to also show Internet services (port numbers) numerically.\n"
> -" Specify three times to also show protocols, user IDs, and group IDs numerically.\n"
> +" -n, --numeric Print output fully numerical.\n"
> " -s, --stateless Omit stateful information of ruleset.\n"
> " -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
> " -N Translate IP addresses to names.\n"
> @@ -188,10 +186,9 @@ static const struct {
>
> int main(int argc, char * const *argv)
> {
> + bool interactive = false, numeric = false;
> char *buf = NULL, *filename = NULL;
> - enum nft_numeric_level numeric;
> unsigned int output_flags = 0;
> - bool interactive = false;
> unsigned int debug_mask;
> unsigned int len;
> int i, val, rc;
> @@ -229,14 +226,10 @@ int main(int argc, char * const *argv)
> }
> break;
> case OPT_NUMERIC:
> - numeric = nft_ctx_output_get_numeric(nft);
> - if (numeric == NFT_NUMERIC_ALL) {
> - fprintf(stderr, "Too many numeric options "
> - "used, max. %u\n",
> - NFT_NUMERIC_ALL);
> - exit(EXIT_FAILURE);
> - }
> - nft_ctx_output_set_numeric(nft, numeric + 1);
> + numeric = true;
> + output_flags |= (NFT_CTX_OUTPUT_NUMERIC_PROTO |
> + NFT_CTX_OUTPUT_NUMERIC_PRIO |
> + NFT_CTX_OUTPUT_NUMERIC_SYMBOL);
> break;
> case OPT_STATELESS:
> output_flags |= NFT_CTX_OUTPUT_STATELESS;
> @@ -298,6 +291,13 @@ int main(int argc, char * const *argv)
> }
> }
>
> + if (numeric &&
> + (output_flags &
> + (NFT_CTX_OUTPUT_REVERSEDNS |
> + NFT_CTX_OUTPUT_SERVICE |
> + NFT_CTX_OUTPUT_GUID)))
> + fprintf(stderr, "cannot combine `-n' with `-N', `-S', '-u'\n");
> +
> nft_ctx_output_set_flags(nft, output_flags);
>
> if (optind != argc) {
> diff --git a/src/monitor.c b/src/monitor.c
> index b2267e1f63e4..0e735ed5b1aa 100644
> --- a/src/monitor.c
> +++ b/src/monitor.c
> @@ -835,11 +835,9 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type,
> }
> if (genid >= 0) {
> nft_mon_print(monh, "# new generation %d", genid);
> - if (pid >= 0) {
> - nft_mon_print(monh, " by process %d", pid);
> - if (!monh->ctx->nft->output.numeric)
> - nft_mon_print(monh, " (%s)", name);
> - }
> + if (pid >= 0)
> + nft_mon_print(monh, " by process %d (%s)", pid, name);
> +
> nft_mon_print(monh, "\n");
> }
>
> diff --git a/tests/shell/testcases/netns/0001nft-f_0 b/tests/shell/testcases/netns/0001nft-f_0
> index 642498260e00..8344808760b7 100755
> --- a/tests/shell/testcases/netns/0001nft-f_0
> +++ b/tests/shell/testcases/netns/0001nft-f_0
> @@ -90,7 +90,7 @@ if [ $? -ne 0 ] ; then
> exit 1
> fi
>
> -KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
> +KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
> $IP netns del $NETNS_NAME
> if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
> DIFF="$(which diff)"
> diff --git a/tests/shell/testcases/netns/0002loosecommands_0 b/tests/shell/testcases/netns/0002loosecommands_0
> index 3910446a5565..e62782804da4 100755
> --- a/tests/shell/testcases/netns/0002loosecommands_0
> +++ b/tests/shell/testcases/netns/0002loosecommands_0
> @@ -53,7 +53,7 @@ RULESET="table ip t {
> }
> }"
>
> -KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
> +KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
> $IP netns del $NETNS_NAME
> if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
> DIFF="$(which diff)"
> diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0
> index 5ec4b2e4358f..61ad37bddadb 100755
> --- a/tests/shell/testcases/netns/0003many_0
> +++ b/tests/shell/testcases/netns/0003many_0
> @@ -94,7 +94,7 @@ function test_netns()
> exit 1
> fi
>
> - KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
> + KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
> if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
> echo "E: ruleset in netns $NETNS_NAME differs from the loaded" >&2
> DIFF="$(which diff)"
> --
> 2.11.0
>
