From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org
Subject: [nft PATCH v2] nft: don't resolve hostnames by default
Date: Thu, 06 Nov 2014 09:05:28 +0100 [thread overview]
Message-ID: <20141106080458.24488.47600.stgit@nfdev.cica.es> (raw)
This patch changes the behaviour of nft to don't translate IP
addresses to hostnames when printing rules.
So, the behaviour of nft ends like this:
<no -n given> show IP addresses numerically
-n show IP addresses numerically
-nn show Internet services and uid/gid numerically
-nnn show protocols numerically
-N translate IP addresses to names
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
v2: add the -N switch to translate IP addresses to names.
doc/nft.xml | 14 +++++++++++---
include/nftables.h | 1 +
src/datatype.c | 4 ++--
src/main.c | 16 +++++++++++++---
4 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/doc/nft.xml b/doc/nft.xml
index cec5ef3..45fd976 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -99,15 +99,23 @@ vi:ts=4 sw=4
<term><option>-n/--numeric</option></term>
<listitem>
<para>
- Numeric output: Addresses and other information
- that might need network traffic to resolve to symbolic names
- are shown numerically. When used twice, internet services
+ Numeric output: Information that might need network
+ traffic to resolve to symbolic names
+ are translated. When used twice, internet services
and UIDs/GIDs are also shown numerically. When used thrice,
protocol numbers are also shown numerically.
</para>
</listitem>
</varlistentry>
<varlistentry>
+ <term><option>-N</option></term>
+ <listitem>
+ <para>
+ Translate IP addresses to DNS names.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term><option>-a/--handle</option></term>
<listitem>
<para>
diff --git a/include/nftables.h b/include/nftables.h
index c3d3dbf..a46af47 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -26,6 +26,7 @@ enum debug_level {
extern unsigned int max_errors;
extern unsigned int numeric_output;
+extern unsigned int ip2names_output;
extern unsigned int handle_output;
extern unsigned int debug_level;
extern const char *include_paths[INCLUDE_PATHS_MAX];
diff --git a/src/datatype.c b/src/datatype.c
index 8ad211c..84a058b 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -379,7 +379,7 @@ static void ipaddr_type_print(const struct expr *expr)
sin.sin_addr.s_addr = mpz_get_be32(expr->value);
err = getnameinfo((struct sockaddr *)&sin, sizeof(sin), buf,
sizeof(buf), NULL, 0,
- numeric_output ? NI_NUMERICHOST : 0);
+ ip2names_output ? 0 : NI_NUMERICHOST);
if (err != 0) {
getnameinfo((struct sockaddr *)&sin, sizeof(sin), buf,
sizeof(buf), NULL, 0, NI_NUMERICHOST);
@@ -437,7 +437,7 @@ static void ip6addr_type_print(const struct expr *expr)
err = getnameinfo((struct sockaddr *)&sin6, sizeof(sin6), buf,
sizeof(buf), NULL, 0,
- numeric_output ? NI_NUMERICHOST : 0);
+ ip2names_output ? 0 : NI_NUMERICHOST);
if (err != 0) {
getnameinfo((struct sockaddr *)&sin6, sizeof(sin6), buf,
sizeof(buf), NULL, 0, NI_NUMERICHOST);
diff --git a/src/main.c b/src/main.c
index 3607bd5..3e251d5 100644
--- a/src/main.c
+++ b/src/main.c
@@ -28,6 +28,7 @@
unsigned int max_errors = 10;
unsigned int numeric_output;
+unsigned int ip2names_output;
unsigned int handle_output;
#ifdef DEBUG
unsigned int debug_level;
@@ -43,12 +44,13 @@ enum opt_vals {
OPT_INTERACTIVE = 'i',
OPT_INCLUDEPATH = 'I',
OPT_NUMERIC = 'n',
+ OPT_IP2NAMES = 'N',
OPT_DEBUG = 'd',
OPT_HANDLE_OUTPUT = 'a',
OPT_INVALID = '?',
};
-#define OPTSTRING "hvf:iI:vna"
+#define OPTSTRING "hvf:iI:vnNa"
static const struct option options[] = {
{
@@ -73,6 +75,10 @@ static const struct option options[] = {
.val = OPT_NUMERIC,
},
{
+ .name = "ip2names",
+ .val = OPT_IP2NAMES,
+ },
+ {
.name = "includepath",
.val = OPT_INCLUDEPATH,
.has_arg = 1,
@@ -105,10 +111,11 @@ static void show_help(const char *name)
" -f/--file <filename> Read input from <filename>\n"
" -i/--interactive Read input from interactive CLI\n"
"\n"
-" -n/--numeric When specified once, show network addresses numerically.\n"
-" When specified twice, also show Internet services,\n"
+" -n/--numeric When specified once, nothing happens.\n"
+" When specified twice, show Internet services,\n"
" user IDs and group IDs numerically.\n"
" When specified thrice, also show protocols numerically.\n"
+" -N Translate IP addresses to names.\n"
" -a/--handle Output rule handle.\n"
" -I/--includepath <directory> Add <directory> to the paths searched for include files.\n"
#ifdef DEBUG
@@ -279,6 +286,9 @@ int main(int argc, char * const *argv)
case OPT_NUMERIC:
numeric_output++;
break;
+ case OPT_IP2NAMES:
+ ip2names_output = 1;
+ break;
#ifdef DEBUG
case OPT_DEBUG:
for (;;) {
next reply other threads:[~2014-11-06 8:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-06 8:05 Arturo Borrero Gonzalez [this message]
2014-11-06 10:31 ` [nft PATCH v2] nft: don't resolve hostnames by default Pablo Neira Ayuso
2014-11-06 11:38 ` Arturo Borrero Gonzalez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141106080458.24488.47600.stgit@nfdev.cica.es \
--to=arturo.borrero.glez@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.