[PATCH 1/2 nft,v2] src: add -p to print layer 4 protocol numerically

[Pablo Neira Ayuso]

We keep printing layer 4 protocols as literals since we do not use
/etc/protocols. Add -p option to print layer 4 protocols numerically.

Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
v2: update documentation.
    Rename to NUMERIC_PROTO.

 doc/libnftables.adoc           |  3 +++
 doc/nft.txt                    |  4 ++++
 include/nftables.h             |  5 +++++
 include/nftables/libnftables.h |  1 +
 src/datatype.c                 |  2 +-
 src/main.c                     | 11 ++++++++++-
 6 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 67d9f261034c..dc3299f037df 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -91,6 +91,7 @@ enum {
         NFT_CTX_OUTPUT_JSON        = (1 << 4),
         NFT_CTX_OUTPUT_ECHO        = (1 << 5),
         NFT_CTX_OUTPUT_GUID        = (1 << 6),
+        NFT_CTX_OUTPUT_NUMERIC_PROTO = (1 << 7),
 };
 ----
 
@@ -119,6 +120,8 @@ NFT_CTX_OUTPUT_GUID::
 The *nft_ctx_output_get_flags*() function returns the output flags setting's 
value in 'ctx'.
 
 The *nft_ctx_output_set_flags*() function sets the output flags setting in 
'ctx' to the value of 'val'.
+NFT_CTX_OUTPUT_NUMERIC_PROTO::
+       Display layer 4 protocol numerically.
 
 === nft_ctx_output_get_numeric() and nft_ctx_output_set_numeric()
 These functions allow control over value representation in library output.
diff --git a/doc/nft.txt b/doc/nft.txt
index 39527c4e8e55..4ef8c5b3506f 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -56,6 +56,10 @@ For a full summary of options, run *nft --help*.
 *--guid**::
        Translate numeric UID/GID to names as defined by /etc/passwd and 
/etc/group.
 
+*-p*::
+*--numeric-protocol**::
+       Display layer 4 protocol numerically.
+
 *-c*::
 *--check*::
        Check commands validity without actually applying the changes.
diff --git a/include/nftables.h b/include/nftables.h
index 57203dfcce3f..8f483bf84ff6 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -77,6 +77,11 @@ static inline bool nft_output_guid(const struct output_ctx 
*octx)
        return octx->flags & NFT_CTX_OUTPUT_GUID;
 }
 
+static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
+{
+       return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
+}
+
 struct nft_cache {
        uint16_t                genid;
        struct list_head        list;
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index ff7b47aa3160..74f2dabbd1d5 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -52,6 +52,7 @@ enum {
        NFT_CTX_OUTPUT_JSON             = (1 << 4),
        NFT_CTX_OUTPUT_ECHO             = (1 << 5),
        NFT_CTX_OUTPUT_GUID             = (1 << 6),
+       NFT_CTX_OUTPUT_NUMERIC_PROTO    = (1 << 7),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
diff --git a/src/datatype.c b/src/datatype.c
index 48eaca277757..bfb70a6ebb76 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -564,7 +564,7 @@ static void inet_protocol_type_print(const struct expr 
*expr,
 {
        struct protoent *p;
 
-       if (octx->numeric < NFT_NUMERIC_ALL) {
+       if (!nft_output_numeric_proto(octx)) {
                p = getprotobynumber(mpz_get_uint8(expr->value));
                if (p != NULL) {
                        nft_print(octx, "%s", p->p_name);
diff --git a/src/main.c b/src/main.c
index 0c8fa1e9a108..70bde253495e 100644
--- a/src/main.c
+++ b/src/main.c
@@ -40,10 +40,11 @@ enum opt_vals {
        OPT_HANDLE_OUTPUT       = 'a',
        OPT_ECHO                = 'e',
        OPT_GUID                = 'u',
+       OPT_NUMERIC_PROTO       = 'p',
        OPT_INVALID             = '?',
 };
 
-#define OPTSTRING      "hvcf:iI:jvnsNaeSu"
+#define OPTSTRING      "hvcf:iI:jvnsNaeSup"
 
 static const struct option options[] = {
        {
@@ -110,6 +111,10 @@ static const struct option options[] = {
                .val            = OPT_GUID,
        },
        {
+               .name           = "numeric-protocol",
+               .val            = OPT_NUMERIC_PROTO,
+       },
+       {
                .name           = NULL
        }
 };
@@ -135,6 +140,7 @@ static void show_help(const char *name)
 "  -u, --guid                  Print UID/GID as defined in /etc/passwd and 
/etc/group.\n"
 "  -N                          Translate IP addresses to names.\n"
 "  -S, --service                       Translate ports to service names as 
described in /etc/services.\n"
+"  -p, --numeric-protocol      Print layer 4 protocols numerically.\n"
 "  -a, --handle                        Output rule handle.\n"
 "  -e, --echo                  Echo what has been added, inserted or 
replaced.\n"
 "  -I, --includepath <directory>       Add <directory> to the paths searched 
for include files. Default is: %s\n"
@@ -285,6 +291,9 @@ int main(int argc, char * const *argv)
                case OPT_GUID:
                        output_flags |= NFT_CTX_OUTPUT_GUID;
                        break;
+               case OPT_NUMERIC_PROTO:
+                       output_flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;
+                       break;
                case OPT_INVALID:
                        exit(EXIT_FAILURE);
                }
-- 
2.11.0