* [PATCH] src: print 'handle' attribute in tables
@ 2017-12-23 19:45 Harsha Sharma
2017-12-24 14:37 ` Adel Belhouane
From: Harsha Sharma @ 2017-12-23 19:45 UTC
To: pablo, harshasharmaiitr; +Cc: netfilter-devel
Print 'handle' attribute in tables, when listing via '-a' option

For eg.
nft list ruleset -a

table ip test-ip4 {
        chain input {
                ip saddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
        }
# handle 1}
table ip filter {
        chain output {
                tcp dport ssh counter packets 0 bytes 0 # handle 4
        }
# handle 2}
table ip xyz {
# handle 3}

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
---
include/linux/netfilter/nf_tables.h | 4 ++++
src/netlink.c | 6 +++++-
src/rule.c | 2 ++
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index f328944..6db9130 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -160,12 +160,14 @@ enum nft_table_flags {
* @NFTA_TABLE_NAME: name of the table (NLA_STRING)
* @NFTA_TABLE_FLAGS: bitmask of enum nft_table_flags (NLA_U32)
* @NFTA_TABLE_USE: number of chains in this table (NLA_U32)
+ * @NFTA_TABLE_HANDLE: numeric handle of the table (NLA_U64)
*/
enum nft_table_attributes {
NFTA_TABLE_UNSPEC,
NFTA_TABLE_NAME,
NFTA_TABLE_FLAGS,
NFTA_TABLE_USE,
+ NFTA_TABLE_HANDLE,
__NFTA_TABLE_MAX
};
#define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1)
@@ -1307,6 +1309,7 @@ enum nft_object_attributes {
*
* @NFTA_TRACE_TABLE: name of the table (NLA_STRING)
* @NFTA_TRACE_CHAIN: name of the chain (NLA_STRING)
+ * @NFTA_TRACE_TABLE_HANDLE: numeric handle of the table (NLA_U64)
* @NFTA_TRACE_RULE_HANDLE: numeric handle of the rule (NLA_U64)
* @NFTA_TRACE_TYPE: type of the event (NLA_U32: nft_trace_types)
* @NFTA_TRACE_VERDICT: verdict returned by hook (NLA_NESTED: nft_verdicts)
@@ -1326,6 +1329,7 @@ enum nft_trace_attributes {
NFTA_TRACE_UNSPEC,
NFTA_TRACE_TABLE,
NFTA_TRACE_CHAIN,
+ NFTA_TRACE_TABLE_HANDLE,
NFTA_TRACE_RULE_HANDLE,
NFTA_TRACE_TYPE,
NFTA_TRACE_VERDICT,
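Review bot: NFTA_TRACE_TABLE_HANDLE is inserted between NFTA_TRACE_CHAIN and NFTA_TRACE_RULE_HANDLE, which shifts the numeric value of NFTA_TRACE_RULE_HANDLE, NFTA_TRACE_TYPE, NFTA_TRACE_VERDICT and every later trace attribute by one. These values are netlink attribute types, so a binary built with this header and a peer using the old numbering would disagree on what each trace attribute means. A new attribute should be appended at the end of the enum, the way NFTA_TABLE_HANDLE is appended in the first hunk. None of the src/ hunks in this patch use NFTA_TRACE_TABLE_HANDLE, so it could also be left out of this patch entirely.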
diff --git a/src/netlink.c b/src/netlink.c
index 8653ae6..59d7096 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -123,6 +123,8 @@ struct nftnl_table *alloc_nftnl_table(const struct handle *h)
nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, h->family);
if (h->table != NULL)
nftnl_table_set(nlt, NFTNL_TABLE_NAME, h->table);
+ if (h->handle.id)
+ nftnl_table_set_u64(nlt, NFTNL_TABLE_HANDLE, h->handle.id);
return nlt;
}
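Review bot: the new 'if (h->handle.id)' in alloc_nftnl_table() reads the same h->handle.id field that alloc_nftnl_chain() in the next hunk sends as NFTNL_CHAIN_HANDLE, so an id that was filled in for a chain could now also go out as the table handle in a request built from the same struct handle. The commit message only describes printing the handle when listing; either drop this from the listing patch or explain which request needs it and how a table handle is told apart from a chain handle. Style: the line just above tests 'h->table != NULL' explicitly, while the new test is implicit.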
@@ -137,7 +139,7 @@ struct nftnl_chain *alloc_nftnl_chain(const struct handle *h)
nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, h->family);
nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table);
- if (h->handle.id != 0)
+ if (h->handle.id)
nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle.id);
if (h->chain != NULL)
nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain);
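Review bot: replacing 'h->handle.id != 0' with 'h->handle.id' in alloc_nftnl_chain() is a style-only change unrelated to printing table handles. Please leave it out or send it separately so the functional change stays easy to review and bisect.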
@@ -964,6 +966,7 @@ static struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
table->handle.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY);
table->handle.table = xstrdup(nftnl_table_get_str(nlt, NFTNL_TABLE_NAME));
table->flags = nftnl_table_get_u32(nlt, NFTNL_TABLE_FLAGS);
+ table->handle.handle.id = nftnl_table_get_u64(nlt, NFTNL_TABLE_HANDLE);
return table;
}
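Review bot: nftnl_table_get_u64(nlt, NFTNL_TABLE_HANDLE) in netlink_delinearize_table() is called without checking that the attribute was received. If the kernel did not send it, the stored id is not a real handle (presumably 0), and table_print() in src/rule.c will still print it under -a because it only tests octx->handle. Consider guarding the read with nftnl_table_is_set(nlt, NFTNL_TABLE_HANDLE) and skipping the print when no handle is available.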
@@ -992,6 +995,7 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h,
return 0;
}
+ ctx->data = h;
nftnl_table_list_foreach(table_cache, list_table_cb, ctx);
nftnl_table_list_free(table_cache);
return 0;
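Review bot: 'ctx->data = h;' in netlink_list_tables() is not explained in the commit message, and no hunk in this patch changes list_table_cb() or otherwise reads ctx->data. If the callback does not need the handle for this feature, drop the assignment; if it does, say why in the changelog. h is a const pointer here, so also check that the assignment does not discard the qualifier.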
diff --git a/src/rule.c b/src/rule.c
index bb9add0..e875816 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -820,6 +820,8 @@ static void table_print(const struct table *table, struct output_ctx *octx)
chain_print(chain, octx);
delim = "\n";
}
+ if (octx->handle > 0)
+ nft_print(octx, " # handle %" PRIu64, table->handle.handle.id);
nft_print(octx, "}\n");
}
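Review bot: in table_print() the ' # handle N' text is printed before the closing brace and without a newline, so the table block ends in '# handle 1}' as in the commit message example. Anything that treats '#' as a comment running to end of line loses the '}' that closes the table. Printing the brace first and the handle after it on the same line ('} # handle 1') keeps the block balanced for such consumers and matches how the rule lines carry their handle at end of line.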
--
2.11.0
* Re: [PATCH] src: print 'handle' attribute in tables
2017-12-23 19:45 [PATCH] src: print 'handle' attribute in tables Harsha Sharma
@ 2017-12-24 14:37 ` Adel Belhouane
2017-12-24 14:57 ` Harsha Sharma
From: Adel Belhouane @ 2017-12-24 14:37 UTC
To: Harsha Sharma; +Cc: pablo, netfilter-devel
Hello,
On 23/12/2017 at 20:45, Harsha Sharma wrote:
> Print 'handle' attribute in tables, when listing via '-a' option
>
> For eg.
> nft list ruleset -a
>
> table ip test-ip4 {
> chain input {
> ip saddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
> }
> # handle 1}
[...]
> diff --git a/src/rule.c b/src/rule.c
> index bb9add0..e875816 100644
> --- a/src/rule.c
> +++ b/src/rule.c
> @@ -820,6 +820,8 @@ static void table_print(const struct table *table, struct output_ctx *octx)
> chain_print(chain, octx);
> delim = "\n";
> }
> + if (octx->handle > 0)
> + nft_print(octx, " # handle %" PRIu64, table->handle.handle.id);
> nft_print(octx, "}\n");
> }
>
>
I'm wondering if it wouldn't be easier (for something parsing "nft list ruleset -a"'s output) to have the " # handle ..." after the closing brace instead of before. It makes sense to consider "#" as a start of comment until end of line, and in such case the last "}" would be in the comment and missing (for something choosing to ignore all such "comments").
So the example would become instead:
nft list ruleset -a

table ip test-ip4 {
        chain input {
                ip saddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
        }
} # handle 1

What do you think?
regards,
Adel Belhouane.
* Re: [PATCH] src: print 'handle' attribute in tables
2017-12-24 14:37 ` Adel Belhouane
@ 2017-12-24 14:57 ` Harsha Sharma
From: Harsha Sharma @ 2017-12-24 14:57 UTC
To: Adel Belhouane; +Cc: Pablo Neira Ayuso, netfilter-devel
On Sun, Dec 24, 2017 at 8:07 PM, Adel Belhouane <bugs.a.b@free.fr> wrote:
> Hello,
>
> On 23/12/2017 at 20:45, Harsha Sharma wrote:
>> Print 'handle' attribute in tables, when listing via '-a' option
>>
>> For eg.
>> nft list ruleset -a
>>
>> table ip test-ip4 {
>> chain input {
>> ip saddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
>> }
>> # handle 1}
>
> [...]
>
>> diff --git a/src/rule.c b/src/rule.c
>> index bb9add0..e875816 100644
>> --- a/src/rule.c
>> +++ b/src/rule.c
>> @@ -820,6 +820,8 @@ static void table_print(const struct table *table, struct output_ctx *octx)
>> chain_print(chain, octx);
>> delim = "\n";
>> }
>> + if (octx->handle > 0)
>> + nft_print(octx, " # handle %" PRIu64, table->handle.handle.id);
>> nft_print(octx, "}\n");
>> }
>>
>>
>
> I'm wondering if it wouldn't be easier (for something parsing "nft list ruleset -a"'s output) to have the " # handle ..." after the closing brace instead of before. It makes sense to consider "#" as a start of comment until end of line, and in such case the last "}" would be in the comment and missing (for something choosing to ignore all such "comments").
>
> So the example would become instead:
>
> nft list ruleset -a
>
> table ip test-ip4 {
> chain input {
> ip saddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
> }
> } # handle 1
>
> What do you think?
>
Yes. Makes sense to me.
Thanks.
> regards,
> Adel Belhouane.