src: print 'handle' attribute in tables

Print 'handle' attribute in tables, when listing via '-a' option

For eg.
nft list ruleset -a

table ip test-ip4 {
	chain input {
		ip saddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
	}
 # handle 1}
table ip filter {
	chain output {
		tcp dport ssh counter packets 0 bytes 0 # handle 4
	}
 # handle 2}
table ip xyz {
 # handle 3}

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index b2d36004b85d0c4fe83d8c6857804860f565e0be..4854210de4e153791b157f00d28d534935eb7e69 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -168,12 +168,14 @@ enum nft_table_flags {
  * @NFTA_TABLE_NAME: name of the table (NLA_STRING)
  * @NFTA_TABLE_FLAGS: bitmask of enum nft_table_flags (NLA_U32)
  * @NFTA_TABLE_USE: number of chains in this table (NLA_U32)
+ * @NFTA_TABLE_HANDLE: numeric handle of the table (NLA_U64)
  */
 enum nft_table_attributes {
        NFTA_TABLE_UNSPEC,
        NFTA_TABLE_NAME,
        NFTA_TABLE_FLAGS,
        NFTA_TABLE_USE,
+       NFTA_TABLE_HANDLE,
        __NFTA_TABLE_MAX
 };
 #define NFTA_TABLE_MAX         (__NFTA_TABLE_MAX - 1)
@@ -1320,6 +1322,7 @@ enum nft_object_attributes {
  *
  * @NFTA_TRACE_TABLE: name of the table (NLA_STRING)
  * @NFTA_TRACE_CHAIN: name of the chain (NLA_STRING)
+ * @NFTA_TRACE_TABLE_HANDLE: numeric handle of the table (NLA_U64)
  * @NFTA_TRACE_RULE_HANDLE: numeric handle of the rule (NLA_U64)
  * @NFTA_TRACE_TYPE: type of the event (NLA_U32: nft_trace_types)
  * @NFTA_TRACE_VERDICT: verdict returned by hook (NLA_NESTED: nft_verdicts)
@@ -1339,6 +1342,7 @@ enum nft_trace_attributes {
        NFTA_TRACE_UNSPEC,
        NFTA_TRACE_TABLE,
        NFTA_TRACE_CHAIN,
+       NFTA_TRACE_TABLE_HANDLE,
        NFTA_TRACE_RULE_HANDLE,
        NFTA_TRACE_TYPE,
        NFTA_TRACE_VERDICT,

diff --git a/src/netlink.c b/src/netlink.c
index d4ed09bfc5ca5169954fb9b804936d6bd1c20393..728b6fdf95d5b59ab03e6117217d5aa16509a5fc 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -126,6 +126,8 @@ struct nftnl_table *alloc_nftnl_table(const struct handle *h)
        nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, h->family);
        if (h->table != NULL)
                nftnl_table_set(nlt, NFTNL_TABLE_NAME, h->table);
+       if (h->handle.id)
+               nftnl_table_set_u64(nlt, NFTNL_TABLE_HANDLE, h->handle.id);
 
        return nlt;
 }
@@ -140,7 +142,7 @@ struct nftnl_chain *alloc_nftnl_chain(const struct handle *h)
 
        nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, h->family);
        nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table);
-       if (h->handle.id != 0)
+       if (h->handle.id)
                nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle.id);
        if (h->chain != NULL)
                nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain);
@@ -810,6 +812,7 @@ static struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
        table->handle.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY);
        table->handle.table  = xstrdup(nftnl_table_get_str(nlt, NFTNL_TABLE_NAME));
        table->flags         = nftnl_table_get_u32(nlt, NFTNL_TABLE_FLAGS);
+       table->handle.handle.id = nftnl_table_get_u64(nlt, NFTNL_TABLE_HANDLE);
 
        return table;
 }
@@ -838,6 +841,7 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h,
                return 0;
        }
 
+       ctx->data = h;
        nftnl_table_list_foreach(table_cache, list_table_cb, ctx);
        nftnl_table_list_free(table_cache);
        return 0;

diff --git a/src/rule.c b/src/rule.c
index 771b2a1275cdb95b3214f800ab8be231fd89d6ab..52b6adacec8f9251f0baf72da082b122e4c5622d 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -879,6 +879,8 @@ static void table_print(const struct table *table, struct output_ctx *octx)
                chain_print(chain, octx);
                delim = "\n";
        }
+       if (octx->handle > 0)
+               nft_print(octx, " # handle %" PRIu64, table->handle.handle.id);
        nft_print(octx, "}\n");
 }