src: add -y to priority base chain nummerically

By default base chains are printed using default hook priority
definitions. Add -y option to print them as numbers.

Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index dc3299f037dfa3c7b9b0562b5814ee4c42471a43..788194396db1e9b2f8bb2b47fd7074a24e1ad8cf 100644 (file)
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -92,6 +92,7 @@ enum {
         NFT_CTX_OUTPUT_ECHO        = (1 << 5),
         NFT_CTX_OUTPUT_GUID        = (1 << 6),
         NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
+        NFT_CTX_OUTPUT_NUMERIC_PRIO = (1 << 8),
 };
 ----
 
@@ -122,6 +123,8 @@ The *nft_ctx_output_get_flags*() function returns the output flags setting's val
 The *nft_ctx_output_set_flags*() function sets the output flags setting in 'ctx' to the value of 'val'.
 NFT_CTX_OUTPUT_NUMERIC_PROTO::
        Display layer 4 protocol numerically.
+NFT_CTX_OUTPUT_NUMERIC_PRIO::
+       Display base chain priority numerically.
 
 === nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
 These functions allow control over value representation in library output.

diff --git a/doc/nft.txt b/doc/nft.txt
index 39527c4e8e55a935f73a28e4da98434b83d2f1ac..99ac0e333a938aa75c393c3e10214ed302e42bb8 100644 (file)
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -56,6 +56,10 @@ For a full summary of options, run *nft --help*.
 *--guid**::
        Translate numeric UID/GID to names as defined by /etc/passwd and /etc/group.
 
+*-y*::
+*--numeric-priority**::
+       Display base chain priority numerically.
+
 *-c*::
 *--check*::
        Check commands validity without actually applying the changes.

diff --git a/include/nftables.h b/include/nftables.h
index d0031e8411341c9fb23a9ae2029b8c8f765afad4..a4d01e0cddea3df18d8644fcada12024b07eb349 100644 (file)
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -68,6 +68,11 @@ static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
        return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
 }
 
+static inline bool nft_output_numeric_prio(const struct output_ctx *octx)
+{
+       return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO;
+}
+
 struct nft_cache {
        uint16_t                genid;
        struct list_head        list;

diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 74f2dabbd1d58620c4c47fc4728aed00840dc19e..fb81edc0df076f1e845a8008a8d0aec146795e56 100644 (file)
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -53,6 +53,7 @@ enum {
        NFT_CTX_OUTPUT_ECHO             = (1 << 5),
        NFT_CTX_OUTPUT_GUID             = (1 << 6),
        NFT_CTX_OUTPUT_NUMERIC_PROTO    = (1 << 7),
+       NFT_CTX_OUTPUT_NUMERIC_PRIO     = (1 << 8),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);

diff --git a/src/main.c b/src/main.c
index 0c8fa1e9a108aff5426274dbe59f8cf6b4de9165..883261fc9d8b8e596a50e377a75388a9ee618a10 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -40,10 +40,10 @@ enum opt_vals {
        OPT_HANDLE_OUTPUT       = 'a',
        OPT_ECHO                = 'e',
        OPT_GUID                = 'u',
+       OPT_NUMERIC_PRIO        = 'y',
        OPT_INVALID             = '?',
 };
-
-#define OPTSTRING      "hvcf:iI:jvnsNaeSu"
+#define OPTSTRING      "hvcf:iI:jvnsNaeSupy"
 
 static const struct option options[] = {
        {
@@ -109,6 +109,10 @@ static const struct option options[] = {
                .name           = "guid",
                .val            = OPT_GUID,
        },
+       {
+               .name           = "numeric-priority",
+               .val            = OPT_NUMERIC_PRIO,
+       },
        {
                .name           = NULL
        }
@@ -135,6 +139,7 @@ static void show_help(const char *name)
 "  -u, --guid                  Print UID/GID as defined in /etc/passwd and /etc/group.\n"
 "  -N                          Translate IP addresses to names.\n"
 "  -S, --service                       Translate ports to service names as described in /etc/services.\n"
+"  -y, --numeric-priority      Print chain priority numerically.\n"
 "  -a, --handle                        Output rule handle.\n"
 "  -e, --echo                  Echo what has been added, inserted or replaced.\n"
 "  -I, --includepath <directory>       Add <directory> to the paths searched for include files. Default is: %s\n"
@@ -285,6 +290,9 @@ int main(int argc, char * const *argv)
                case OPT_GUID:
                        output_flags |= NFT_CTX_OUTPUT_GUID;
                        break;
+               case OPT_NUMERIC_PRIO:
+                       output_flags |= NFT_CTX_OUTPUT_NUMERIC_PRIO;
+                       break;
                case OPT_INVALID:
                        exit(EXIT_FAILURE);
                }

diff --git a/src/rule.c b/src/rule.c
index 33cbf0e2e9bbd7a07198928e6832bf7430662216..524db41e7edb91a3fc5e7551c554c4f72540eada 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -946,8 +946,9 @@ int std_prio_lookup(const char *std_prio_name, int family, int hook)
        return NF_IP_PRI_LAST;
 }
 
-static const char *prio2str(char *buf, size_t bufsize, int family, int hook,
-                           int prio, int numeric)
+static const char *prio2str(const struct output_ctx *octx,
+                           char *buf, size_t bufsize, int family, int hook,
+                           int prio)
 {
        const struct prio_tag *prio_arr;
        const char *std_prio_str;
@@ -963,7 +964,7 @@ static const char *prio2str(char *buf, size_t bufsize, int family, int hook,
                arr_size = array_size(std_prios);
        }
 
-       if (numeric != NFT_NUMERIC_ALL) {
+       if (!nft_output_numeric_prio(octx)) {
                for (i = 0; i < arr_size; ++i) {
                        std_prio = prio_arr[i].val;
                        std_prio_str = prio_arr[i].str;
@@ -1004,9 +1005,9 @@ static void chain_print_declaration(const struct chain *chain,
                if (chain->dev != NULL)
                        nft_print(octx, " device %s", chain->dev);
                nft_print(octx, " priority %s; policy %s;\n",
-                         prio2str(priobuf, sizeof(priobuf),
+                         prio2str(octx, priobuf, sizeof(priobuf),
                                   chain->handle.family, chain->hooknum,
-                                  chain->priority.num, octx->numeric),
+                                  chain->priority.num),
                          chain_policy2str(chain->policy));
        }
 }
@@ -1035,9 +1036,9 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx)
        if (chain->flags & CHAIN_F_BASECHAIN) {
                nft_print(octx, " { type %s hook %s priority %s; policy %s; }",
                          chain->type, chain->hookstr,
-                         prio2str(priobuf, sizeof(priobuf),
+                         prio2str(octx, priobuf, sizeof(priobuf),
                                   chain->handle.family, chain->hooknum,
-                                  chain->priority.num, octx->numeric),
+                                  chain->priority.num),
                          chain_policy2str(chain->policy));
        }
        if (nft_output_handle(octx))
@@ -1950,9 +1951,8 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
        nft_print(octx, "%s%shook %s priority %s%s",
                  opts->tab, opts->tab,
                  hooknum2str(NFPROTO_NETDEV, flowtable->hooknum),
-                 prio2str(priobuf, sizeof(priobuf), NFPROTO_NETDEV,
-                          flowtable->hooknum, flowtable->priority.num,
-                          octx->numeric),
+                 prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV,
+                          flowtable->hooknum, flowtable->priority.num),
                  opts->stmt_separator);
 
        nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);