Like iptables-save, print UID and GID as numeric values by default.
Add a new option `-u' to print the UID and GID names as defined by
/etc/passwd and /etc/group.
Note that -n is ignored after this patch, since numeric printing is now
the default for UID and GID.
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFT_CTX_OUTPUT_HANDLE = (1 << 3),
NFT_CTX_OUTPUT_JSON = (1 << 4),
NFT_CTX_OUTPUT_ECHO = (1 << 5),
+ NFT_CTX_OUTPUT_GUID = (1 << 6),
};
----
NFT_CTX_OUTPUT_ECHO::
The echo setting makes libnftables print the changes once they are committed to the kernel, just like a running instance of *nft monitor* would.
Amongst other things, this allows to retrieve an added rule's handle atomically.
+NFT_CTX_OUTPUT_GUID::
+ Display UID and GID as described in the /etc/passwd and /etc/group files.
The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
*--service*::
Translate ports to service names as defined by /etc/services.
+*-u*::
+*--guid**::
+ Translate numeric UID/GID to names as defined by /etc/passwd and /etc/group.
+
*-c*::
*--check*::
Check commands validity without actually applying the changes.
return octx->flags & NFT_CTX_OUTPUT_ECHO;
}
+static inline bool nft_output_guid(const struct output_ctx *octx)
+{
+ return octx->flags & NFT_CTX_OUTPUT_GUID;
+}
+
struct nft_cache {
uint16_t genid;
struct list_head list;
NFT_CTX_OUTPUT_HANDLE = (1 << 3),
NFT_CTX_OUTPUT_JSON = (1 << 4),
NFT_CTX_OUTPUT_ECHO = (1 << 5),
+ NFT_CTX_OUTPUT_GUID = (1 << 6),
};
unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
{
uint32_t uid = mpz_get_uint32(expr->value);
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (nft_output_guid(octx)) {
struct passwd *pw = getpwuid(uid);
if (pw)
{
uint32_t gid = mpz_get_uint32(expr->value);
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (nft_output_guid(octx)) {
struct group *gr = getgrgid(gid);
if (gr)
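Review bot: The lookups kept under the new `nft_output_guid(octx)` test, `getpwuid(uid)` and `getgrgid(gid)`, return pointers into static storage and are not required to be thread-safe, which matters because the switch is exposed as the public libnftables flag `NFT_CTX_OUTPUT_GUID`. If the library is meant to be callable from multi-threaded programs, the reentrant forms with a caller-owned buffer would be safer, e.g. `getpwuid_r(uid, &pwd, buf, sizeof(buf), &pw)` and `getgrgid_r(gid, &grp, buf, sizeof(buf), &gr)`. The same applies to the later pair of hunks that assign `pw = getpwuid(uid)` and `gr = getgrgid(gid)`. The printing functions start and end outside the visible lines, so the fallback for a failed lookup cannot be checked from here.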
OPT_DEBUG = 'd',
OPT_HANDLE_OUTPUT = 'a',
OPT_ECHO = 'e',
+ OPT_GUID = 'u',
OPT_INVALID = '?',
};
-#define OPTSTRING "hvcf:iI:jvnsNaeS"
+#define OPTSTRING "hvcf:iI:jvnsNaeSu"
static const struct option options[] = {
{
.name = "json",
.val = OPT_JSON,
},
+ {
+ .name = "guid",
+ .val = OPT_GUID,
+ },
{
.name = NULL
}
" Specify twice to also show Internet services (port numbers) numerically.\n"
" Specify three times to also show protocols, user IDs, and group IDs numerically.\n"
" -s, --stateless Omit stateful information of ruleset.\n"
+" -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
" -N Translate IP addresses to names.\n"
" -S, --service Translate ports to service names as described in /etc/services.\n"
" -a, --handle Output rule handle.\n"
output_flags |= NFT_CTX_OUTPUT_JSON;
#endif
break;
+ case OPT_GUID:
+ output_flags |= NFT_CTX_OUTPUT_GUID;
+ break;
case OPT_INVALID:
exit(EXIT_FAILURE);
}
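Review bot: The usage text for `-n` is left stale by this change: the context line `Specify three times to also show protocols, user IDs, and group IDs numerically.` still promises an effect on user and group IDs, while the commit message says `-n` is ignored for them and numeric output is now the default. I would reword that line in the same patch, keeping its indentation, to `"Specify three times to also show protocols numerically.\n"`, so the help output agrees with the new `-u, --guid` entry. The man page description of `-n` is not visible here and probably needs the same adjustment. The added man page line `*--guid**::` also appears to carry a stray trailing asterisk.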
{
struct passwd *pw;
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (nft_output_guid(octx)) {
uint32_t uid = mpz_get_uint32(expr->value);
pw = getpwuid(uid);
{
struct group *gr;
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (nft_output_guid(octx)) {
uint32_t gid = mpz_get_uint32(expr->value);
gr = getgrgid(gid);