src: add nft_ctx_output_{get,set}_handle() to nft_ctx_output_{get,set}_flags

Add NFT_CTX_OUTPUT_HANDLE flag and print handle that uniquely identify
objects from new output flags interface.

Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index c0ce5be2087bd71ec55a9040adaf58dc4c6ad478..dbd38bdd2134837840dfe47d4961758d2ea833c6 100644 (file)
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -28,9 +28,6 @@ void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*,
 unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*);
 void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*);
 
-bool nft_ctx_output_get_handle(struct nft_ctx* '\*ctx'*);
-void nft_ctx_output_set_handle(struct nft_ctx* '\*ctx'*, bool* 'val'*);
-
 bool nft_ctx_output_get_echo(struct nft_ctx* '\*ctx'*);
 void nft_ctx_output_set_echo(struct nft_ctx* '\*ctx'*, bool* 'val'*);
 
@@ -96,6 +93,7 @@ enum {
         NFT_CTX_OUTPUT_REVERSEDNS  = (1 << 0),
         NFT_CTX_OUTPUT_SERVICE     = (1 << 1),
         NFT_CTX_OUTPUT_STATELESS   = (1 << 2),
+        NFT_CTX_OUTPUT_HANDLE      = (1 << 3),
 };
 ----
 
@@ -106,6 +104,11 @@ NFT_CTX_OUTPUT_SERVICE::
 NFT_CTX_OUTPUT_STATELESS::
        If stateless output has been requested then stateful data is not printed.
 Stateful data refers to those objects that carry run-time data, eg. the *counter* statement holds packet and byte counter values, making it stateful.
+NFT_CTX_OUTPUT_HANDLE::
+       Upon insertion into the ruleset, some elements are assigned a unique handle for identification purposes.
+For example, when deleting a table or chain, it may be identified either by name or handle.
+Rules on the other hand must be deleted by handle because there is no other way to uniquely identify them.
+This flag makes ruleset listings include handle values.
 
 The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
 
@@ -178,17 +181,6 @@ The *nft_ctx_output_get_debug*() function returns the debug output setting's val
 
 The *nft_ctx_output_set_debug*() function sets the debug output setting in 'ctx' to the value of 'mask'.
 
-=== nft_ctx_output_get_handle() and nft_ctx_output_set_handle()
-Upon insertion into the ruleset, some elements are assigned a unique handle for identification purposes.
-For example, when deleting a table or chain, it may be identified either by name or handle.
-Rules on the other hand must be deleted by handle because there is no other way to uniquely identify them.
-These functions allow to control whether ruleset listings should include handles or not.
-The default setting is *false*.
-
-The *nft_ctx_output_get_handle*() function returns the handle output setting's value in 'ctx'.
-
-The *nft_ctx_output_set_handle*() function sets the handle output setting in 'ctx' to the value of 'val'.
-
 === nft_ctx_output_get_echo() and nft_ctx_output_set_echo()
 The echo setting makes libnftables print the changes once they are committed to the kernel, just like a running instance of *nft monitor* would.
 Amongst other things, this allows to retrieve an added rule's handle atomically.

diff --git a/include/nftables.h b/include/nftables.h
index cb36e06633e937eb786eaa00f955178a7eb62cb2..e0e7a113540649f09ed5b2c05d432cbdf47ffd65 100644 (file)
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -18,7 +18,6 @@ struct cookie {
 struct output_ctx {
        unsigned int flags;
        unsigned int numeric;
-       unsigned int handle;
        unsigned int echo;
        unsigned int json;
        union {
@@ -46,6 +45,11 @@ static inline bool nft_output_stateless(const struct output_ctx *octx)
        return octx->flags & NFT_CTX_OUTPUT_STATELESS;
 }
 
+static inline bool nft_output_handle(const struct output_ctx *octx)
+{
+       return octx->flags & NFT_CTX_OUTPUT_HANDLE;
+}
+
 struct nft_cache {
        uint16_t                genid;
        struct list_head        list;

diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 4f1c10901b1bd0239fc9abffddd7a40b7d67729c..a6ce938305c38aa8819b08d9274e09de897dd16d 100644 (file)
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -48,6 +48,7 @@ enum {
        NFT_CTX_OUTPUT_REVERSEDNS       = (1 << 0),
        NFT_CTX_OUTPUT_SERVICE          = (1 << 1),
        NFT_CTX_OUTPUT_STATELESS        = (1 << 2),
+       NFT_CTX_OUTPUT_HANDLE           = (1 << 3),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
@@ -57,8 +58,6 @@ enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
 void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level);
 unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
 void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
-bool nft_ctx_output_get_handle(struct nft_ctx *ctx);
-void nft_ctx_output_set_handle(struct nft_ctx *ctx, bool val);
 bool nft_ctx_output_get_echo(struct nft_ctx *ctx);
 void nft_ctx_output_set_echo(struct nft_ctx *ctx, bool val);
 bool nft_ctx_output_get_json(struct nft_ctx *ctx);

diff --git a/src/libnftables.c b/src/libnftables.c
index 35e755e9cc9dd45d0631de398128e097d16353b4..6dc1be3d5ef895464404056c4c56ed9094ddaffb 100644 (file)
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -342,16 +342,6 @@ void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask)
        ctx->debug_mask = mask;
 }
 
-bool nft_ctx_output_get_handle(struct nft_ctx *ctx)
-{
-       return ctx->output.handle;
-}
-
-void nft_ctx_output_set_handle(struct nft_ctx *ctx, bool val)
-{
-       ctx->output.handle = val;
-}
-
 bool nft_ctx_output_get_echo(struct nft_ctx *ctx)
 {
        return ctx->output.echo;

diff --git a/src/main.c b/src/main.c
index 384bde5ceefc4a76566f019107bfa696c50a487f..7cf3bb6801e7cae5b7b471649cac550c8127addc 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -266,7 +266,7 @@ int main(int argc, char * const *argv)
                        nft_ctx_output_set_debug(nft, debug_mask);
                        break;
                case OPT_HANDLE_OUTPUT:
-                       nft_ctx_output_set_handle(nft, true);
+                       output_flags |= NFT_CTX_OUTPUT_HANDLE;
                        break;
                case OPT_ECHO:
                        nft_ctx_output_set_echo(nft, true);

diff --git a/src/monitor.c b/src/monitor.c
index 88a61de4ed9f785c297b494bae8a605b761a6aa1..9e3c43dcac689d83712b26b532c3386aad2d057d 100644 (file)
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -214,7 +214,7 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type,
 
                nft_mon_print(monh, "%s %s", family2str(t->handle.family),
                              t->handle.table.name);
-               if (monh->ctx->nft->output.handle > 0)
+               if (nft_output_handle(&monh->ctx->nft->output))
                        nft_mon_print(monh, " # handle %" PRIu64 "",
                                      t->handle.handle.id);
                break;

diff --git a/src/rule.c b/src/rule.c
index 35c60de4a8db62370b8dc8fac355b9d3077710fd..da1bdc44ab69c8681110382fa12bc60cd4f97fb2 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -412,7 +412,7 @@ static void set_print_declaration(const struct set *set,
 
        nft_print(octx, " %s {", set->handle.set.name);
 
-       if (octx->handle > 0)
+       if (nft_output_handle(octx))
                nft_print(octx, " # handle %" PRIu64, set->handle.handle.id);
        nft_print(octx, "%s", opts->nl);
        nft_print(octx, "%s%stype %s",
@@ -567,7 +567,7 @@ void rule_print(const struct rule *rule, struct output_ctx *octx)
        if (rule->comment)
                nft_print(octx, " comment \"%s\"", rule->comment);
 
-       if (octx->handle > 0)
+       if (nft_output_handle(octx))
                nft_print(octx, " # handle %" PRIu64, rule->handle.handle.id);
 }
 
@@ -995,7 +995,7 @@ static void chain_print_declaration(const struct chain *chain,
        char priobuf[STD_PRIO_BUFSIZE];
 
        nft_print(octx, "\tchain %s {", chain->handle.chain.name);
-       if (octx->handle > 0)
+       if (nft_output_handle(octx))
                nft_print(octx, " # handle %" PRIu64, chain->handle.handle.id);
        nft_print(octx, "\n");
        if (chain->flags & CHAIN_F_BASECHAIN) {
@@ -1040,7 +1040,7 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx)
                                   chain->priority.num, octx->numeric),
                          chain_policy2str(chain->policy));
        }
-       if (octx->handle > 0)
+       if (nft_output_handle(octx))
                nft_print(octx, " # handle %" PRIu64, chain->handle.handle.id);
 }
 
@@ -1137,7 +1137,7 @@ static void table_print(const struct table *table, struct output_ctx *octx)
        const char *family = family2str(table->handle.family);
 
        nft_print(octx, "table %s %s {", family, table->handle.table.name);
-       if (octx->handle > 0)
+       if (nft_output_handle(octx))
                nft_print(octx, " # handle %" PRIu64, table->handle.handle.id);
        nft_print(octx, "\n");
        table_print_options(table, &delim, octx);
@@ -1680,7 +1680,7 @@ static void obj_print_data(const struct obj *obj,
        switch (obj->type) {
        case NFT_OBJECT_COUNTER:
                nft_print(octx, " %s {", obj->handle.obj.name);
-               if (octx->handle > 0)
+               if (nft_output_handle(octx))
                        nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
                nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
                if (nft_output_stateless(octx)) {
@@ -1695,7 +1695,7 @@ static void obj_print_data(const struct obj *obj,
                uint64_t bytes;
 
                nft_print(octx, " %s {", obj->handle.obj.name);
-               if (octx->handle > 0)
+               if (nft_output_handle(octx))
                        nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
                nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
                data_unit = get_rate(obj->quota.bytes, &bytes);
@@ -1712,14 +1712,14 @@ static void obj_print_data(const struct obj *obj,
                break;
        case NFT_OBJECT_SECMARK:
                nft_print(octx, " %s {", obj->handle.obj.name);
-               if (octx->handle > 0)
+               if (nft_output_handle(octx))
                        nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
                nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
                nft_print(octx, "%s", obj->secmark.ctx);
                break;
        case NFT_OBJECT_CT_HELPER:
                nft_print(octx, " %s {", obj->handle.obj.name);
-               if (octx->handle > 0)
+               if (nft_output_handle(octx))
                        nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
                nft_print(octx, "%s", opts->nl);
                nft_print(octx, "%s%stype \"%s\" protocol ",
@@ -1733,7 +1733,7 @@ static void obj_print_data(const struct obj *obj,
                break;
        case NFT_OBJECT_CT_TIMEOUT:
                nft_print(octx, " %s {", obj->handle.obj.name);
-               if (octx->handle > 0)
+               if (nft_output_handle(octx))
                        nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
                nft_print(octx, "%s", opts->nl);
                nft_print(octx, "%s%sprotocol ", opts->tab, opts->tab);
@@ -1752,7 +1752,7 @@ static void obj_print_data(const struct obj *obj,
                uint64_t rate;
 
                nft_print(octx, " %s {", obj->handle.obj.name);
-               if (octx->handle > 0)
+               if (nft_output_handle(octx))
                        nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
                nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
                switch (obj->limit.type) {