[PATCH nft 1/2,v2] src: get rid of nft_ctx_output_{get,set}_numeric()


 



This patch adds NFT_CTX_OUTPUT_NUMERIC_SYMBOL, which replaces the last
client of the numeric level approach.

This patch updates `-n' option semantics to display all output
numerically.

Note that the monitor code was still using the -n option to skip printing
the process name; this patch updates that path too, so that the name is
printed unconditionally, to simplify things.

Given the numeric levels have no more clients after this patch, remove
that code.

Update several tests/shell not to use -nn.

This patch removes NFT_CTX_OUTPUT_NUMERIC_PROTOCOL, since it is already
contained in NFT_CTX_OUTPUT_NUMERIC_SYMBOL.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v2: merge NFT_CTX_OUTPUT_NUMERIC_PROTOCOL into NFT_CTX_OUTPUT_NUMERIC_SYMBOL
    to remove extra toggle.

 doc/libnftables.adoc                            | 42 +++----------------------
 include/nftables.h                              |  5 ++-
 include/nftables/libnftables.h                  | 11 +------
 src/datatype.c                                  |  4 +--
 src/expression.c                                |  2 +-
 src/json.c                                      |  6 ++--
 src/libnftables.c                               | 11 -------
 src/main.c                                      | 25 +++++++--------
 src/monitor.c                                   |  8 ++---
 tests/shell/testcases/netns/0001nft-f_0         |  2 +-
 tests/shell/testcases/netns/0002loosecommands_0 |  2 +-
 tests/shell/testcases/netns/0003many_0          |  2 +-
 12 files changed, 31 insertions(+), 89 deletions(-)

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 788194396db1..dd9a1c93ee27 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -21,10 +21,6 @@ void nft_ctx_set_dry_run(struct nft_ctx* '\*ctx'*, bool* 'dry'*);
 unsigned int nft_ctx_output_get_flags(struct nft_ctx* '\*ctx'*);
 void nft_ctx_output_set_flags(struct nft_ctx* '\*ctx'*, unsigned int* 'flags'*);
 
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx* '\*ctx'*);
-void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
-				enum nft_numeric_level* 'level'*);
-
 unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
 void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
 
@@ -91,8 +87,9 @@ enum {
         NFT_CTX_OUTPUT_JSON        = (1 << 4),
         NFT_CTX_OUTPUT_ECHO        = (1 << 5),
         NFT_CTX_OUTPUT_GUID        = (1 << 6),
-        NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
+        NFT_CTX_OUTPUT_NUMERIC_SYMBOL = (1 << 7),
         NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
+
 };
 ----
 
@@ -121,41 +118,10 @@ NFT_CTX_OUTPUT_GUID::
 The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
 
 The *nft_ctx_output_set_flags*() function sets the output flags setting in 'ctx' to the value of 'val'.
-NFT_CTX_OUTPUT_NUMERIC_PROTO::
-	Display layer 4 protocol numerically.
 NFT_CTX_OUTPUT_NUMERIC_PRIO::
 	Display base chain priority numerically.
-
-=== nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
-These functions allow control over value representation in library output.
-For instance, port numbers by default are printed by their name (as listed in '/etc/services' file), if known.
-In libnftables, numeric output is leveled, defined as such:
-
-----
-enum nft_numeric_level {
-        NFT_NUMERIC_NONE,
-        NFT_NUMERIC_ADDR,
-        NFT_NUMERIC_PORT,
-        NFT_NUMERIC_ALL,
-};
-----
-
-Each numeric level includes all previous ones:
-
-NFT_NUMERIC_NONE::
-	No conversion into numeric format happens, this is the default.
-NFT_NUMERIC_ADDR::
-	Network addresses are always converted into numeric format.
-NFT_NUMERIC_PORT::
-	Network services are always converted into numeric format.
-NFT_NUMERIC_ALL::
-	Everything is converted into numeric format.
-
-The default numeric level is *NFT_NUMERIC_NONE*.
-
-The *nft_ctx_output_get_numeric*() function returns the numeric output setting's value contained in 'ctx'.
-
-The *nft_ctx_output_set_numeric*() function sets the numeric output setting in 'ctx' to the value of 'level'.
+NFT_CTX_OUTPUT_NUMERIC_SYMBOL::
+	Display expression datatype as numeric value.
 
 === nft_ctx_output_get_debug() and nft_ctx_output_set_debug()
 Libnftables supports separate debugging of different parts of its internals.
diff --git a/include/nftables.h b/include/nftables.h
index a4d01e0cddea..21c0221b9548 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -17,7 +17,6 @@ struct cookie {
 
 struct output_ctx {
 	unsigned int flags;
-	unsigned int numeric;
 	union {
 		FILE *output_fp;
 		struct cookie output_cookie;
@@ -63,9 +62,9 @@ static inline bool nft_output_guid(const struct output_ctx *octx)
 	return octx->flags & NFT_CTX_OUTPUT_GUID;
 }
 
-static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
+static inline bool nft_output_numeric_symbol(const struct output_ctx *octx)
 {
-	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
+	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
 }
 
 static inline bool nft_output_numeric_prio(const struct output_ctx *octx)
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index fb81edc0df07..9305c02ca96c 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -26,13 +26,6 @@ enum nft_debug_level {
 	NFT_DEBUG_SEGTREE		= 0x40,
 };
 
-enum nft_numeric_level {
-	NFT_NUMERIC_NONE,
-	NFT_NUMERIC_ADDR,
-	NFT_NUMERIC_PORT,
-	NFT_NUMERIC_ALL,
-};
-
 /**
  * Possible flags to pass to nft_ctx_new()
  */
@@ -52,15 +45,13 @@ enum {
 	NFT_CTX_OUTPUT_JSON		= (1 << 4),
 	NFT_CTX_OUTPUT_ECHO		= (1 << 5),
 	NFT_CTX_OUTPUT_GUID		= (1 << 6),
-	NFT_CTX_OUTPUT_NUMERIC_PROTO	= (1 << 7),
+	NFT_CTX_OUTPUT_NUMERIC_SYMBOL	= (1 << 7),
 	NFT_CTX_OUTPUT_NUMERIC_PRIO     = (1 << 8),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
 void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags);
 
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
-void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
 unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
 void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
 
diff --git a/src/datatype.c b/src/datatype.c
index bfb70a6ebb76..4c8fb687c15b 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -196,7 +196,7 @@ void symbolic_constant_print(const struct symbol_table *tbl,
 	if (quotes)
 		nft_print(octx, "\"");
 
-	if (octx->numeric > NFT_NUMERIC_ALL)
+	if (nft_output_numeric_symbol(octx))
 		nft_print(octx, "%" PRIu64 "", val);
 	else
 		nft_print(octx, "%s", s->identifier);
@@ -564,7 +564,7 @@ static void inet_protocol_type_print(const struct expr *expr,
 {
 	struct protoent *p;
 
-	if (!nft_output_numeric_proto(octx)) {
+	if (!nft_output_numeric_symbol(octx)) {
 		p = getprotobynumber(mpz_get_uint8(expr->value));
 		if (p != NULL) {
 			nft_print(octx, "%s", p->p_name);
diff --git a/src/expression.c b/src/expression.c
index 5ff469c561d5..af78c39806b2 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -663,7 +663,7 @@ static void range_expr_print(const struct expr *expr, struct output_ctx *octx)
 	unsigned int flags = octx->flags;
 
 	octx->flags &= ~NFT_CTX_OUTPUT_SERVICE;
-	octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
+	octx->flags |= NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
 	expr_print(expr->left, octx);
 	nft_print(octx, "-");
 	expr_print(expr->right, octx);
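Review bot: The flag forced around the two `expr_print()` calls now means more than the one it replaces, and nothing here says so. With the `symbolic_constant_print()` change in src/datatype.c from this same patch, range endpoints that are symbolic constants are printed as numbers even when `-n` was not given. The same applies to `range_expr_json()` in src/json.c, where such endpoints become JSON integers rather than strings. I would add a comment above the assignment, e.g. `/* range endpoints are always numeric; this now covers symbolic constants as well as layer 4 protocols */`. The saved `flags` value is presumably restored after the hunk, which ends before the function does.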
diff --git a/src/json.c b/src/json.c
index 8a2bcd658bd8..3ebb453b2dd5 100644
--- a/src/json.c
+++ b/src/json.c
@@ -448,7 +448,7 @@ json_t *range_expr_json(const struct expr *expr, struct output_ctx *octx)
 	json_t *root;
 
 	octx->flags &= ~NFT_CTX_OUTPUT_SERVICE;
-	octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
+	octx->flags |= NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
 	root = json_pack("{s:[o, o]}", "range",
 			 expr_print_json(expr->left, octx),
 			 expr_print_json(expr->right, octx));
@@ -812,7 +812,7 @@ static json_t *symbolic_constant_json(const struct symbol_table *tbl,
 	if (!s->identifier)
 		return expr_basetype(expr)->json(expr, octx);
 
-	if (octx->numeric > NFT_NUMERIC_ALL)
+	if (nft_output_numeric_symbol(octx))
 		return json_integer(val);
 	else
 		return json_string(s->identifier);
@@ -962,7 +962,7 @@ json_t *inet_protocol_type_json(const struct expr *expr,
 {
 	struct protoent *p;
 
-	if (!nft_output_numeric_proto(octx)) {
+	if (!nft_output_numeric_symbol(octx)) {
 		p = getprotobynumber(mpz_get_uint8(expr->value));
 		if (p != NULL)
 			return json_string(p->p_name);
diff --git a/src/libnftables.c b/src/libnftables.c
index 03c15fbaf7e5..bd79cd6091d2 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -312,17 +312,6 @@ void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry)
 	ctx->check = dry;
 }
 
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx)
-{
-	return ctx->output.numeric;
-}
-
-void nft_ctx_output_set_numeric(struct nft_ctx *ctx,
-				enum nft_numeric_level level)
-{
-	ctx->output.numeric = level;
-}
-
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx)
 {
 	return ctx->output.flags;
diff --git a/src/main.c b/src/main.c
index 883261fc9d8b..224ac9361426 100644
--- a/src/main.c
+++ b/src/main.c
@@ -132,9 +132,7 @@ static void show_help(const char *name)
 "  -i, --interactive		Read input from interactive CLI\n"
 "\n"
 "  -j, --json			Format output in JSON\n"
-"  -n, --numeric			When specified once, show network addresses numerically (default behaviour).\n"
-"  				Specify twice to also show Internet services (port numbers) numerically.\n"
-"				Specify three times to also show protocols, user IDs, and group IDs numerically.\n"
+"  -n, --numeric			Print output fully numerical.\n"
 "  -s, --stateless		Omit stateful information of ruleset.\n"
 "  -u, --guid			Print UID/GID as defined in /etc/passwd and /etc/group.\n"
 "  -N				Translate IP addresses to names.\n"
@@ -188,10 +186,9 @@ static const struct {
 
 int main(int argc, char * const *argv)
 {
+	bool interactive = false, numeric = false;
 	char *buf = NULL, *filename = NULL;
-	enum nft_numeric_level numeric;
 	unsigned int output_flags = 0;
-	bool interactive = false;
 	unsigned int debug_mask;
 	unsigned int len;
 	int i, val, rc;
@@ -229,14 +226,9 @@ int main(int argc, char * const *argv)
 			}
 			break;
 		case OPT_NUMERIC:
-			numeric = nft_ctx_output_get_numeric(nft);
-			if (numeric == NFT_NUMERIC_ALL) {
-				fprintf(stderr, "Too many numeric options "
-						"used, max. %u\n",
-					NFT_NUMERIC_ALL);
-				exit(EXIT_FAILURE);
-			}
-			nft_ctx_output_set_numeric(nft, numeric + 1);
+			numeric = true;
+			output_flags |= (NFT_CTX_OUTPUT_NUMERIC_PRIO |
+					 NFT_CTX_OUTPUT_NUMERIC_SYMBOL);
 			break;
 		case OPT_STATELESS:
 			output_flags |= NFT_CTX_OUTPUT_STATELESS;
@@ -298,6 +290,13 @@ int main(int argc, char * const *argv)
 		}
 	}
 
+	if (numeric &&
+	    (output_flags &
+		(NFT_CTX_OUTPUT_REVERSEDNS |
+		 NFT_CTX_OUTPUT_SERVICE |
+		 NFT_CTX_OUTPUT_GUID)))
+		fprintf(stderr, "cannot combine `-n' with `-N', `-S', '-u'\n");
+
 	nft_ctx_output_set_flags(nft, output_flags);
 
 	if (optind != argc) {
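Review bot: The conflict check added after the option loop only prints its message; control then falls through to `nft_ctx_output_set_flags(nft, output_flags)` with the contradictory flags still set. A run with `-n` plus `-N`, `-S` or `-u` therefore still produces output, and which representation wins depends on which flag each printer happens to test. Brace the body and add `exit(EXIT_FAILURE);` after the `fprintf`, so a rejected combination stops the program. The last option in the message is also quoted differently from the other three. `main()` starts and continues outside the hunk.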
diff --git a/src/monitor.c b/src/monitor.c
index b2267e1f63e4..0e735ed5b1aa 100644
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -835,11 +835,9 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type,
 	}
 	if (genid >= 0) {
 		nft_mon_print(monh, "# new generation %d", genid);
-		if (pid >= 0) {
-			nft_mon_print(monh, " by process %d", pid);
-			if (!monh->ctx->nft->output.numeric)
-				nft_mon_print(monh, " (%s)", name);
-		}
+		if (pid >= 0)
+			nft_mon_print(monh, " by process %d (%s)", pid, name);
+
 		nft_mon_print(monh, "\n");
 	}
 
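Review bot: With the `-n` test removed, `name` is always written to the monitor output, and nothing in the hunk shows where it comes from or whether it is filtered. It is filled in outside the hunk, presumably from the generation message, so it is text this program did not choose. If it can contain control characters, or be empty when `pid` is set, the `# new generation` line can be split or end in `()`, which matters to anything that parses or archives monitor output. I would record the assumption next to the call, e.g. `/* name: process name taken from the newgen message, printed as-is; TODO confirm it is validated where it is read */`, and limit it to printable characters at the point where it is read. The callback starts and ends outside the hunk.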
diff --git a/tests/shell/testcases/netns/0001nft-f_0 b/tests/shell/testcases/netns/0001nft-f_0
index 642498260e00..8344808760b7 100755
--- a/tests/shell/testcases/netns/0001nft-f_0
+++ b/tests/shell/testcases/netns/0001nft-f_0
@@ -90,7 +90,7 @@ if [ $? -ne 0 ] ; then
 	exit 1
 fi
 
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
 $IP netns del $NETNS_NAME
 if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
         DIFF="$(which diff)"
diff --git a/tests/shell/testcases/netns/0002loosecommands_0 b/tests/shell/testcases/netns/0002loosecommands_0
index 3910446a5565..e62782804da4 100755
--- a/tests/shell/testcases/netns/0002loosecommands_0
+++ b/tests/shell/testcases/netns/0002loosecommands_0
@@ -53,7 +53,7 @@ RULESET="table ip t {
 	}
 }"
 
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
 $IP netns del $NETNS_NAME
 if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
         DIFF="$(which diff)"
diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0
index 5ec4b2e4358f..61ad37bddadb 100755
--- a/tests/shell/testcases/netns/0003many_0
+++ b/tests/shell/testcases/netns/0003many_0
@@ -94,7 +94,7 @@ function test_netns()
 		exit 1
 	fi
 
-	KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+	KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
 	if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
 		echo "E: ruleset in netns $NETNS_NAME differs from the loaded" >&2
 	        DIFF="$(which diff)"
-- 
2.11.0



