From: Christoph Anton Mitterer <calestyo@scientia.org>
To: Fernando Fernandez Mancera <fmancera@suse.de>,
netfilter-devel@vger.kernel.org
Subject: Re: bug: nft -n still shows "resolved" values for iif and oif
Date: Thu, 25 Sep 2025 17:48:30 +0200 [thread overview]
Message-ID: <c825ad4a7e7318d211fcbb419b1003d063dc702c.camel@scientia.org> (raw)
In-Reply-To: <e19bafc0-61c9-47af-afb6-15f886cc4d37@suse.de>
On Thu, 2025-09-25 at 14:36 +0200, Fernando Fernandez Mancera wrote:
> 2. Introduce a new "--numeric-interface" which prevents resolving iif
> or
> oif.
What IMO would be most helpful for users is an option, which for all
values simply causes the "real" value to be printed.
With "real" I mean:
- if e.g. an ip daddr matches on 1.1.1.1, then print 1.1.1.1
- if there were an ip domainname where netfilter would resolve, the
that option should print the hostname
- if using iifname, the actual matched value is the string, so print
that
- if using iif or oif, the actual matched value is the ID, so print
that, in particular as (perhaps with the exception of lo), e.g. eth0
isn't per definition ID 2 or whatever
For things like ICMP Type codes, IP protocol numbers, port numbers...
things are different to e.g. the iface ID.
For them, e.g. type 0 is always guaranteed to be icmp echo request and
22 is always port SSH.
So it could IMO be handy to have an option which gives the above
("real") but still uses non-numeric values for things where the
number<->string is fixed, and if one uses the option e.g. twice, then
even those are printed with their numeric values.
Cheers,
Chris.
next prev parent reply other threads:[~2025-09-25 19:16 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-24 21:48 bug: nft -n still shows "resolved" values for iif and oif Christoph Anton Mitterer
2025-09-25 12:36 ` Fernando Fernandez Mancera
2025-09-25 14:07 ` Pablo Neira Ayuso
2025-09-26 10:27 ` Fernando Fernandez Mancera
2025-09-25 15:48 ` Christoph Anton Mitterer [this message]
2025-09-25 14:42 ` Florian Westphal
2025-09-25 15:53 ` Christoph Anton Mitterer
2025-09-25 16:45 ` Florian Westphal
2025-09-25 20:44 ` Christoph Anton Mitterer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c825ad4a7e7318d211fcbb419b1003d063dc702c.camel@scientia.org \
--to=calestyo@scientia.org \
--cc=fmancera@suse.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).