unsigned int nft_ctx_output_get_flags(struct nft_ctx* '\*ctx'*);
void nft_ctx_output_set_flags(struct nft_ctx* '\*ctx'*, unsigned int* 'flags'*);
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx* '\*ctx'*);
-void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
- enum nft_numeric_level* 'level'*);
-
unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
Display layer 4 protocol numerically.
NFT_CTX_OUTPUT_NUMERIC_PRIO::
Display base chain priority numerically.
-
-=== nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
-These functions allow control over value representation in library output.
-For instance, port numbers by default are printed by their name (as listed in '/etc/services' file), if known.
-In libnftables, numeric output is leveled, defined as such:
-
-----
-enum nft_numeric_level {
- NFT_NUMERIC_NONE,
- NFT_NUMERIC_ADDR,
- NFT_NUMERIC_PORT,
- NFT_NUMERIC_ALL,
-};
-----
-
-Each numeric level includes all previous ones:
-
-NFT_NUMERIC_NONE::
- No conversion into numeric format happens, this is the default.
-NFT_NUMERIC_ADDR::
- Network addresses are always converted into numeric format.
-NFT_NUMERIC_PORT::
- Network services are always converted into numeric format.
-NFT_NUMERIC_ALL::
- Everything is converted into numeric format.
-
-The default numeric level is *NFT_NUMERIC_NONE*.
-
-The *nft_ctx_output_get_numeric*() function returns the numeric output setting's value contained in 'ctx'.
-
-The *nft_ctx_output_set_numeric*() function sets the numeric output setting in 'ctx' to the value of 'level'.
+NFT_CTX_OUTPUT_NUMERIC_SYMBOL::
+ Display expression datatype as numeric value.
+NFT_CTX_OUTPUT_NUMERIC_ALL::
+ Display all numerically.
=== nft_ctx_output_get_debug() and nft_ctx_output_set_debug()
Libnftables supports separate debugging of different parts of its internals.
*-n*::
*--numeric*::
- Show data numerically. When used once (the default behaviour), skip
- lookup of addresses to symbolic names. Use twice to also show Internet
- services (port numbers) numerically. Use three times to also show
- protocols, UIDs/GIDs and priorities numerically.
+ Print fully numerical output.
*-s*::
*--stateless*::
struct output_ctx {
unsigned int flags;
- unsigned int numeric;
union {
FILE *output_fp;
struct cookie output_cookie;
return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO;
}
+static inline bool nft_output_numeric_symbol(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
+}
+
struct nft_cache {
uint16_t genid;
struct list_head list;
NFT_DEBUG_SEGTREE = 0x40,
};
-enum nft_numeric_level {
- NFT_NUMERIC_NONE,
- NFT_NUMERIC_ADDR,
- NFT_NUMERIC_PORT,
- NFT_NUMERIC_ALL,
-};
-
/**
* Possible flags to pass to nft_ctx_new()
*/
NFT_CTX_OUTPUT_GUID = (1 << 6),
NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
+ NFT_CTX_OUTPUT_NUMERIC_SYMBOL = (1 << 9),
+ NFT_CTX_OUTPUT_NUMERIC_ALL = (NFT_CTX_OUTPUT_NUMERIC_PROTO |
+ NFT_CTX_OUTPUT_NUMERIC_PRIO |
+ NFT_CTX_OUTPUT_NUMERIC_SYMBOL),
};
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
void nft_ctx_output_set_flags(struct nft_ctx *ctx, unsigned int flags);
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
-void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
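Review bot: `NFT_CTX_OUTPUT_NUMERIC_ALL` is a multi-bit mask sitting among single-bit flags, so a caller who tests it like its neighbours (`flags & NFT_CTX_OUTPUT_NUMERIC_ALL`) gets true as soon as any one of the three bits is set. A comment on the enumerator such as `/* mask of all NUMERIC_* bits; test with (flags & mask) == mask */` would prevent that misuse. The same hunk removes the `nft_ctx_output_get_numeric()` and `nft_ctx_output_set_numeric()` prototypes from a public header, which breaks existing library users at build and link time. Whether the export map and library version are adjusted alongside is not visible on this page and should be confirmed. The enum itself begins outside the hunk.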
if (quotes)
nft_print(octx, "\"");
- if (octx->numeric > NFT_NUMERIC_ALL)
+ if (nft_output_numeric_symbol(octx))
nft_print(octx, "%" PRIu64 "", val);
else
nft_print(octx, "%s", s->identifier);
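Review bot: The numeric branch guarded by `nft_output_numeric_symbol(octx)` was unreachable from the command line before this change and is now switched on by a plain `-n`. The old test was `octx->numeric > NFT_NUMERIC_ALL`, while the removed code in main() refused to go past `NFT_NUMERIC_ALL`. The same applies to the JSON hunk that follows, where the effect is larger: the field changes type from `json_string` to `json_integer` depending on an output flag, so consumers of `-j` output have to accept both. A comment above each check, e.g. `/* numeric output requested: emit the raw value instead of the symbol name */`, plus a line in the JSON output documentation would make this explicit. Both enclosing functions start and end outside their hunks.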
if (!s->identifier)
return expr_basetype(expr)->json(expr, octx);
- if (octx->numeric > NFT_NUMERIC_ALL)
+ if (nft_output_numeric_symbol(octx))
return json_integer(val);
else
return json_string(s->identifier);
ctx->check = dry;
}
-enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx)
-{
- return ctx->output.numeric;
-}
-
-void nft_ctx_output_set_numeric(struct nft_ctx *ctx,
- enum nft_numeric_level level)
-{
- ctx->output.numeric = level;
-}
-
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx)
{
return ctx->output.flags;
" -i, --interactive Read input from interactive CLI\n"
"\n"
" -j, --json Format output in JSON\n"
-" -n, --numeric When specified once, show network addresses numerically (default behaviour).\n"
-" Specify twice to also show Internet services (port numbers) numerically.\n"
-" Specify three times to also show protocols, user IDs, and group IDs numerically.\n"
+" -n, --numeric Print fully numerical output.\n"
" -s, --stateless Omit stateful information of ruleset.\n"
" -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
" -N Translate IP addresses to names.\n"
int main(int argc, char * const *argv)
{
char *buf = NULL, *filename = NULL;
- enum nft_numeric_level numeric;
unsigned int output_flags = 0;
bool interactive = false;
unsigned int debug_mask;
}
break;
case OPT_NUMERIC:
- numeric = nft_ctx_output_get_numeric(nft);
- if (numeric == NFT_NUMERIC_ALL) {
- fprintf(stderr, "Too many numeric options "
- "used, max. %u\n",
- NFT_NUMERIC_ALL);
- exit(EXIT_FAILURE);
- }
- nft_ctx_output_set_numeric(nft, numeric + 1);
+ output_flags |= NFT_CTX_OUTPUT_NUMERIC_ALL;
break;
case OPT_STATELESS:
output_flags |= NFT_CTX_OUTPUT_STATELESS;
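Review bot: `case OPT_NUMERIC` now only ORs in the numeric bits, so combining `-n` with the name-translating options listed in the help text (`-u`, `-N`) appears to leave both kinds of flag set, and the output would then contradict "Print fully numerical output". How those other options are handled is outside the hunk, so this needs confirming. If it holds, either reject the combination once option parsing is done or state the precedence in the help text and man page. Repeating the option (`-nn`, `-nnn`) is now silently accepted and means the same as `-n`, while a single `-n` prints more numerically than it did before; scripts that parse the output deserve a release-note line for both. The option loop in main() begins and ends outside the hunk.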
}
if (genid >= 0) {
nft_mon_print(monh, "# new generation %d", genid);
- if (pid >= 0) {
- nft_mon_print(monh, " by process %d", pid);
- if (!monh->ctx->nft->output.numeric)
- nft_mon_print(monh, " (%s)", name);
- }
+ if (pid >= 0)
+ nft_mon_print(monh, " by process %d (%s)", pid, name);
+
nft_mon_print(monh, "\n");
}
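Review bot: The process name is now printed on every "new generation" line, whereas the removed branch left it out when numeric output was requested, and this hunk offers no replacement way to suppress it. `name` is declared and filled outside the hunk, presumably from the received netlink message. If it can be empty, the line ends in `by process <pid> ()`, and because it is written verbatim with `%s` it is worth confirming that it cannot carry control characters into a terminal or log. Splitting the call so that the `(%s)` part is only printed under `if (name[0] != '\0')` would at least avoid the empty parentheses, assuming `name` is a character array.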
exit 1
fi
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
$IP netns del $NETNS_NAME
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
}
}"
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
$IP netns del $NETNS_NAME
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
exit 1
fi
- KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
+ KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
echo "E: ruleset in netns $NETNS_NAME differs from the loaded" >&2
DIFF="$(which diff)"