rule: display hook info

It was not possible to restore a ruleset because of missing
hook information. This patch adds hooknum output to list
operation.

[ Mangled this patch to use a string array mapping hook numbers
  and name --pablo ]

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/rule.c b/src/rule.c
index e7627a7ea826c438d7bb0c6a1bbbb1897b00c92e..5a894cc9284d48d897bfaa4b01e273fba8d79a6d 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -19,6 +19,8 @@
 #include <rule.h>
 #include <utils.h>
 
+#include <netinet/ip.h>
+#include <linux/netfilter.h>
 
 void handle_free(struct handle *h)
 {
@@ -224,11 +226,32 @@ struct chain *chain_lookup(const struct table *table, const struct handle *h)
        return NULL;
 }
 
+static const char *hooknum2str_array[NF_INET_NUMHOOKS] = {
+       [NF_INET_PRE_ROUTING]   = "NF_INET_PRE_ROUTING",
+       [NF_INET_LOCAL_IN]      = "NF_INET_LOCAL_IN",
+       [NF_INET_FORWARD]       = "NF_INET_FORWARD",
+       [NF_INET_LOCAL_OUT]     = "NF_INET_LOCAL_OUT",
+       [NF_INET_POST_ROUTING]  = "NF_INET_POST_ROUTING",
+};
+
+static const char *hooknum2str(unsigned int hooknum)
+{
+       if (hooknum >= NF_INET_NUMHOOKS)
+               return "UNKNOWN";
+
+       return hooknum2str_array[hooknum];
+}
+
 static void chain_print(const struct chain *chain)
 {
        struct rule *rule;
 
        printf("\tchain %s {\n", chain->handle.chain);
+       if (chain->hooknum) {
+               printf("\t\t hook %s %u;\n",
+               hooknum2str(chain->hooknum),
+               chain->priority);
+       }
        list_for_each_entry(rule, &chain->rules, list) {
                printf("\t\t");
                rule_print(rule);