void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
enum nft_numeric_level* 'level'*);
-bool nft_ctx_output_get_stateless(struct nft_ctx* '\*ctx'*);
-void nft_ctx_output_set_stateless(struct nft_ctx* '\*ctx'*, bool* 'val'*);
-
unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
enum {
NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0),
NFT_CTX_OUTPUT_SERVICE = (1 << 1),
+ NFT_CTX_OUTPUT_STATELESS = (1 << 2),
};
----
Reverse DNS lookups are performed for IP addresses when printing. Note that this may add significant delay to *list* commands depending on DNS resolver speed.
NFT_CTX_OUTPUT_SERVICE::
Print port numbers as services as described in the /etc/services file.
+NFT_CTX_OUTPUT_STATELESS::
+ If stateless output has been requested then stateful data is not printed.
+Stateful data refers to those objects that carry run-time data, eg. the *counter* statement holds packet and byte counter values, making it stateful.
The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
The *nft_ctx_output_set_numeric*() function sets the numeric output setting in 'ctx' to the value of 'level'.
-=== nft_ctx_output_get_stateless() and nft_ctx_output_set_stateless()
-In nftables, there are stateful objects, i.e. ruleset elements which carry run-time data.
-For example the *counter* statement holds packet and byte counter values, making it stateful.
-If stateless output has been requested, this data is omitted when printing ruleset elements.
-The default setting is *false*.
-
-
-The *nft_ctx_output_get_stateless*() function returns the stateless output setting's value in 'ctx'.
-
-The *nft_ctx_output_set_stateless*() function sets the stateless output setting in 'ctx' to the value of 'val'.
-
=== nft_ctx_output_get_debug() and nft_ctx_output_set_debug()
Libnftables supports separate debugging of different parts of its internals.
To facilitate this, debugging output is controlled via a bit mask.
struct output_ctx {
unsigned int flags;
unsigned int numeric;
- unsigned int stateless;
unsigned int handle;
unsigned int echo;
unsigned int json;
return octx->flags & NFT_CTX_OUTPUT_SERVICE;
}
+static inline bool nft_output_stateless(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_STATELESS;
+}
+
struct nft_cache {
uint16_t genid;
struct list_head list;
enum {
NFT_CTX_OUTPUT_REVERSEDNS = (1 << 0),
NFT_CTX_OUTPUT_SERVICE = (1 << 1),
+ NFT_CTX_OUTPUT_STATELESS = (1 << 2),
};
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
-bool nft_ctx_output_get_stateless(struct nft_ctx *ctx);
-void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val);
unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
bool nft_ctx_output_get_handle(struct nft_ctx *ctx);
nft_print(octx, " timeout ");
time_print(expr->timeout, octx);
}
- if (!octx->stateless && expr->expiration) {
+ if (!nft_output_stateless(octx) && expr->expiration) {
nft_print(octx, " expires ");
time_print(expr->expiration, octx);
}
if (stmt->quota.flags & NFT_QUOTA_F_INV)
json_object_set_new(root, "inv", json_true());
- if (!octx->stateless && stmt->quota.used) {
+ if (!nft_output_stateless(octx) && stmt->quota.used) {
data_unit = get_rate(stmt->quota.used, &bytes);
json_object_set_new(root, "used", json_integer(bytes));
json_object_set_new(root, "used_unit", json_string(data_unit));
json_t *counter_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
{
- if (octx->stateless)
+ if (nft_output_stateless(octx))
return json_pack("{s:n}", "counter");
return json_pack("{s:{s:I, s:I}}", "counter",
json_t *meter_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
{
+ unsigned int flags = octx->flags;
json_t *root, *tmp;
- octx->stateless++;
+ octx->flags |= NFT_CTX_OUTPUT_STATELESS;
tmp = stmt_print_json(stmt->meter.stmt, octx);
- octx->stateless--;
+ octx->flags = flags;
root = json_pack("{s:o, s:o, s:i}",
"key", expr_print_json(stmt->meter.key, octx),
ctx->output.numeric = level;
}
-bool nft_ctx_output_get_stateless(struct nft_ctx *ctx)
-{
- return ctx->output.stateless;
-}
-
-void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val)
-{
- ctx->output.stateless = val;
-}
-
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx)
{
return ctx->output.flags;
nft_ctx_output_set_numeric(nft, numeric + 1);
break;
case OPT_STATELESS:
- nft_ctx_output_set_stateless(nft, true);
+ output_flags |= NFT_CTX_OUTPUT_STATELESS;
break;
case OPT_IP2NAME:
output_flags |= NFT_CTX_OUTPUT_REVERSEDNS;
{
set_print_declaration(set, opts, octx);
- if (set->flags & NFT_SET_EVAL && octx->stateless) {
+ if (set->flags & NFT_SET_EVAL && nft_output_stateless(octx)) {
nft_print(octx, "%s}%s", opts->tab, opts->nl);
return;
}
if (octx->handle > 0)
nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
- if (octx->stateless) {
+ if (nft_output_stateless(octx)) {
nft_print(octx, "packets 0 bytes 0");
break;
}
nft_print(octx, "%s%" PRIu64 " %s",
obj->quota.flags & NFT_QUOTA_F_INV ? "over " : "",
bytes, data_unit);
- if (!octx->stateless && obj->quota.used) {
+ if (!nft_output_stateless(octx) && obj->quota.used) {
data_unit = get_rate(obj->quota.used, &bytes);
nft_print(octx, " used %" PRIu64 " %s",
bytes, data_unit);
static void meter_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
{
+ unsigned int flags = octx->flags;
+
nft_print(octx, "meter ");
if (stmt->meter.set) {
expr_print(stmt->meter.set, octx);
expr_print(stmt->meter.key, octx);
nft_print(octx, " ");
- octx->stateless++;
+ octx->flags |= NFT_CTX_OUTPUT_STATELESS;
stmt_print(stmt->meter.stmt, octx);
- octx->stateless--;
+ octx->flags = flags;
nft_print(octx, "} ");
{
nft_print(octx, "counter");
- if (octx->stateless)
+ if (nft_output_stateless(octx))
return;
nft_print(octx, " packets %" PRIu64 " bytes %" PRIu64,
nft_print(octx, "quota %s%" PRIu64 " %s",
inv ? "over " : "", bytes, data_unit);
- if (!octx->stateless && stmt->quota.used) {
+ if (!nft_output_stateless(octx) && stmt->quota.used) {
data_unit = get_rate(stmt->quota.used, &used);
nft_print(octx, " used %" PRIu64 " %s", used, data_unit);
}
static void set_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
{
+ unsigned int flags = octx->flags;
+
nft_print(octx, "%s ", set_stmt_op_names[stmt->set.op]);
expr_print(stmt->set.set, octx);
nft_print(octx, " { ");
expr_print(stmt->set.key, octx);
if (stmt->set.stmt) {
nft_print(octx, " ");
- octx->stateless++;
+ octx->flags |= NFT_CTX_OUTPUT_STATELESS;
stmt_print(stmt->set.stmt, octx);
- octx->stateless--;
+ octx->flags = flags;
}
nft_print(octx, " }");
}
static void map_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
{
+ unsigned int flags = octx->flags;
+
nft_print(octx, "%s ", set_stmt_op_names[stmt->map.op]);
expr_print(stmt->map.set, octx);
nft_print(octx, " { ");
expr_print(stmt->map.key, octx);
if (stmt->map.stmt) {
nft_print(octx, " ");
- octx->stateless++;
+ octx->flags |= NFT_CTX_OUTPUT_STATELESS;
stmt_print(stmt->map.stmt, octx);
- octx->stateless--;
+ octx->flags = flags;
}
nft_print(octx, " : ");
expr_print(stmt->map.data, octx);
projects / thirdparty / nftables.git / commitdiff
