This patch adds NFT_CTX_OUTPUT_NUMERIC_SYMBOL, which replaces the last
client of the numeric level approach.
This patch updates `-n' option semantics to display all output
numerically.
Note that monitor code was still using the -n option to skip printing
the process name, this patch updates that path too to print it
inconditionally to simplify things.
Given the numeric levels have no more clients after this patch, remove
that code.
Update several tests/shell not to use -nn.
This patch adds NFT_CTX_OUTPUT_NUMERIC_ALL which enables all flags to
provide a fully numerical output.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v3: Add NFT_CTX_OUTPUT_NUMERIC_ALL.
Allow to combine -N, -S with -n.
Leave NFT_CTX_OUTPUT_NUMERIC_PROTO in place. -Requested by Phil.
doc/libnftables.adoc | 39 +++----------------------
include/nftables.h | 6 +++-
include/nftables/libnftables.h | 13 +++------
src/datatype.c | 2 +-
src/json.c | 2 +-
src/libnftables.c | 11 -------
src/main.c | 14 ++-------
src/monitor.c | 8 ++---
tests/shell/testcases/netns/0001nft-f_0 | 2 +-
tests/shell/testcases/netns/0002loosecommands_0 | 2 +-
tests/shell/testcases/netns/0003many_0 | 2 +-
11 files changed, 23 insertions(+), 78 deletions(-)
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 788194396db1..007506784600 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -21,10 +21,6 @@ void nft_ctx_set_dry_run(struct nft_ctx* '\*ctx'*, bool* 'dry'*);
unsigned int nft_ctx_output_get_flags(struct nft_ctx* '\*ctx'*);
void nft_ctx_output_set_flags(struct nft_ctx* '\*ctx'*, unsigned int* 'flags'*);
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx* '\*ctx'*);
-void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
- enum nft_numeric_level* 'level'*);
-
unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
@@ -125,37 +121,10 @@ NFT_CTX_OUTPUT_NUMERIC_PROTO::
Display layer 4 protocol numerically.
NFT_CTX_OUTPUT_NUMERIC_PRIO::
Display base chain priority numerically.
-
-=== nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
-These functions allow control over value representation in library output.
-For instance, port numbers by default are printed by their name (as listed in '/etc/services' file), if known.
-In libnftables, numeric output is leveled, defined as such:
-
-----
-enum nft_numeric_level {
- NFT_NUMERIC_NONE,
- NFT_NUMERIC_ADDR,
- NFT_NUMERIC_PORT,
- NFT_NUMERIC_ALL,
-};
-----
-
-Each numeric level includes all previous ones:
-
-NFT_NUMERIC_NONE::
- No conversion into numeric format happens, this is the default.
-NFT_NUMERIC_ADDR::
- Network addresses are always converted into numeric format.
-NFT_NUMERIC_PORT::
- Network services are always converted into numeric format.
-NFT_NUMERIC_ALL::
- Everything is converted into numeric format.
-
-The default numeric level is *NFT_NUMERIC_NONE*.
-
-The *nft_ctx_output_get_numeric*() function returns the numeric output setting's value contained in 'ctx'.
-
-The *nft_ctx_output_set_numeric*() function sets the numeric output setting in 'ctx' to the value of 'level'.
+NFT_CTX_OUTPUT_NUMERIC_SYMBOL::
+ Display expression datatype as numeric value.
+NFT_CTX_OUTPUT_NUMERIC_ALL::
+ Display all numerically.
=== nft_ctx_output_get_debug() and nft_ctx_output_set_debug()
Libnftables supports separate debugging of different parts of its internals.
diff --git a/include/nftables.h b/include/nftables.h
index a4d01e0cddea..5c0292615b3f 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -17,7 +17,6 @@ struct cookie {
struct output_ctx {
unsigned int flags;
- unsigned int numeric;
union {
FILE *output_fp;
struct cookie output_cookie;
@@ -73,6 +72,11 @@ static inline bool nft_output_numeric_prio(const struct output_ctx *octx)
return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO;
}
+static inline bool nft_output_numeric_symbol(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
+}
+
struct nft_cache {
uint16_t genid;
struct list_head list;
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index fb81edc0df07..70e9d238843a 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -26,13 +26,6 @@ enum nft_debug_level {
NFT_DEBUG_SEGTREE = 0x40,
};
-enum nft_numeric_level {
- NFT_NUMERIC_NONE,
- NFT_NUMERIC_ADDR,
- NFT_NUMERIC_PORT,
- NFT_NUMERIC_ALL,
-};
-
/**
* Possible flags to pass to nft_ctx_new()
*/
@@ -54,13 +47,15 @@ enum {
NFT_CTX_OUTPUT_GUID = (1 << 6),
NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
+ NFT_CTX_OUTPUT_NUMERIC_SYMBOL = (1 << 9),
+ NFT_CTX_OUTPUT_NUMERIC_ALL = (NFT_CTX_OUTPUT_NUMERIC_PROTO |
+ NFT_CTX_OUTPUT_NUMERIC_PRIO |
+ NFT_CTX_OUTPUT_NUMERIC_SYMBOL),
};
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags);
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
-void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
diff --git a/src/datatype.c b/src/datatype.c
index bfb70a6ebb76..6af1c84350d1 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -196,7 +196,7 @@ void symbolic_constant_print(const struct symbol_table *tbl,
if (quotes)
nft_print(octx, "\"");
- if (octx->numeric > NFT_NUMERIC_ALL)
+ if (nft_output_numeric_symbol(octx))
nft_print(octx, "%" PRIu64 "", val);
else
nft_print(octx, "%s", s->identifier);
diff --git a/src/json.c b/src/json.c
index 8a2bcd658bd8..fc92d4641fcf 100644
--- a/src/json.c
+++ b/src/json.c
@@ -812,7 +812,7 @@ static json_t *symbolic_constant_json(const struct symbol_table *tbl,
if (!s->identifier)
return expr_basetype(expr)->json(expr, octx);
- if (octx->numeric > NFT_NUMERIC_ALL)
+ if (nft_output_numeric_symbol(octx))
return json_integer(val);
else
return json_string(s->identifier);
diff --git a/src/libnftables.c b/src/libnftables.c
index 03c15fbaf7e5..bd79cd6091d2 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -312,17 +312,6 @@ void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry)
ctx->check = dry;
}
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx)
-{
- return ctx->output.numeric;
-}
-
-void nft_ctx_output_set_numeric(struct nft_ctx *ctx,
- enum nft_numeric_level level)
-{
- ctx->output.numeric = level;
-}
-
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx)
{
return ctx->output.flags;
diff --git a/src/main.c b/src/main.c
index 883261fc9d8b..1f01a6c0b528 100644
--- a/src/main.c
+++ b/src/main.c
@@ -132,9 +132,7 @@ static void show_help(const char *name)
" -i, --interactive Read input from interactive CLI\n"
"\n"
" -j, --json Format output in JSON\n"
-" -n, --numeric When specified once, show network addresses numerically (default behaviour).\n"
-" Specify twice to also show Internet services (port numbers) numerically.\n"
-" Specify three times to also show protocols, user IDs, and group IDs numerically.\n"
+" -n, --numeric Print fully numerical output.\n"
" -s, --stateless Omit stateful information of ruleset.\n"
" -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
" -N Translate IP addresses to names.\n"
@@ -189,7 +187,6 @@ static const struct {
int main(int argc, char * const *argv)
{
char *buf = NULL, *filename = NULL;
- enum nft_numeric_level numeric;
unsigned int output_flags = 0;
bool interactive = false;
unsigned int debug_mask;
@@ -229,14 +226,7 @@ int main(int argc, char * const *argv)
}
break;
case OPT_NUMERIC:
- numeric = nft_ctx_output_get_numeric(nft);
- if (numeric == NFT_NUMERIC_ALL) {
- fprintf(stderr, "Too many numeric options "
- "used, max. %u\n",
- NFT_NUMERIC_ALL);
- exit(EXIT_FAILURE);
- }
- nft_ctx_output_set_numeric(nft, numeric + 1);
+ output_flags |= NFT_CTX_OUTPUT_NUMERIC_ALL;
break;
case OPT_STATELESS:
output_flags |= NFT_CTX_OUTPUT_STATELESS;
diff --git a/src/monitor.c b/src/monitor.c
index b2267e1f63e4..0e735ed5b1aa 100644
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -835,11 +835,9 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type,
}
if (genid >= 0) {
nft_mon_print(monh, "# new generation %d", genid);
- if (pid >= 0) {
- nft_mon_print(monh, " by process %d", pid);
- if (!monh->ctx->nft->output.numeric)
- nft_mon_print(monh, " (%s)", name);
- }
+ if (pid >= 0)
+ nft_mon_print(monh, " by process %d (%s)", pid, name);
+
nft_mon_print(monh, "\n");
}
diff --git a/tests/shell/testcases/netns/0001nft-f_0 b/tests/shell/testcases/netns/0001nft-f_0
index 642498260e00..8344808760b7 100755
--- a/tests/shell/testcases/netns/0001nft-f_0
+++ b/tests/shell/testcases/netns/0001nft-f_0
@@ -90,7 +90,7 @@ if [ $? -ne 0 ] ; then
exit 1
fi
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
$IP netns del $NETNS_NAME
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
diff --git a/tests/shell/testcases/netns/0002loosecommands_0 b/tests/shell/testcases/netns/0002loosecommands_0
index 3910446a5565..e62782804da4 100755
--- a/tests/shell/testcases/netns/0002loosecommands_0
+++ b/tests/shell/testcases/netns/0002loosecommands_0
@@ -53,7 +53,7 @@ RULESET="table ip t {
}
}"
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
$IP netns del $NETNS_NAME
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0
index 5ec4b2e4358f..61ad37bddadb 100755
--- a/tests/shell/testcases/netns/0003many_0
+++ b/tests/shell/testcases/netns/0003many_0
@@ -94,7 +94,7 @@ function test_netns()
exit 1
fi
- KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+ KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
echo "E: ruleset in netns $NETNS_NAME differs from the loaded" >&2
DIFF="$(which diff)"
--
2.11.0
