Re: iptables-save - suggest patch to add functionality


 



Dear Maintainers,

Le 13/03/2018 à 15:57, Pablo Neira Ayuso a écrit :
> Please, send us patches in git-format-patch, include a patch
> description and add your Signed-off-by tag.
Please find attached the patch in git-format-patch format.

>> +/* if true (opt -Z, --zero): Reset to zero counters of the chains */
> No need for comment.
Comments removed.

>> +static int rst_chain_counters = false;
> I would call this:
>
>         display_zero_counters
>
> This is not resetting counters, it just displays them as zero. Same
> comment applies to documentation.
Variable name changed.

>>  		case 'c':
>> -			show_counters = 1;
>> +			show_counters = true;
> Do this update in a separated patch: One patch per logical change.
Sending in a future patch.

>> -include the current values of all packet and byte counters in the output
>> +Include the current values of all packet and byte counters in the output.
>    ^
>
> Same thing as above, no unrelated changes in this patch.
Sending in a future patch.

>> +\fB\-Z\fR, \fB\-\-zero\fR
>> +Reset to zero counters of the chains.
> This is not resetting anything, instead I'd propose:
>
> Display zero packet and byte chain counters when saving the ruleset.
Man page updated.

>> +Alban Vidal <alban.vidal@xxxxxxxxxx> contributed ip[6]tables-save.
> Again, this information is there for historical reasons: git is
> already leaving a record on this. *A lot* of people have contributed
> to iptables and they are not listed there :-).
Removed :)


Best regards,

Alban Vidal
From 5779285507ab2398453f0e562f229d3032d809b6 Mon Sep 17 00:00:00 2001
From: Alban Vidal <alban.vidal@xxxxxxxxxx>
Date: Tue, 13 Mar 2018 19:22:25 +0100
Subject: [PATCH] ipXtables-saves: adding -Z, --zero option

Display zero packet and byte chain counters when saving the ruleset.

Signed-off-by: Alban Vidal <alban.vidal@xxxxxxxxxx>
---
 iptables/ip6tables-save.c   | 14 +++++++++++---
 iptables/iptables-save.8.in |  7 +++++--
 iptables/iptables-save.c    | 14 +++++++++++---
 iptables/xtables-save.c     |  8 ++++++--
 4 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
index 8e3a6afd..8a6ae699 100644
--- a/iptables/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -20,10 +20,12 @@
 #include "ip6tables-multi.h"
 
 static int show_counters;
+static bool display_zero_counters;
 
 static const struct option options[] = {
 	{.name = "counters", .has_arg = false, .val = 'c'},
 	{.name = "dump",     .has_arg = false, .val = 'd'},
+	{.name = "zero",     .has_arg = false, .val = 'Z'},
 	{.name = "table",    .has_arg = true,  .val = 't'},
 	{.name = "modprobe", .has_arg = true,  .val = 'M'},
 	{.name = "file",     .has_arg = true,  .val = 'f'},
@@ -96,7 +98,11 @@ static int do_output(const char *tablename)
 			struct xt_counters count;
 			printf("%s ",
 			       ip6tc_get_policy(chain, &count, h));
-			printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
+			if(!display_zero_counters) {
+				printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
+			} else {
+				printf("[0:0]\n");
+			}
 		} else {
 			printf("- [0:0]\n");
 		}
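Review bot: `-Z` only rewrites the built-in chain policy line in this branch of do_output; no hunk in the patch touches the per-rule counters that `-c` adds to the output, so a `-c -Z` dump would presumably pair zeroed chain counters with live rule counters, and a reader of the saved file cannot tell that the zeros are synthetic. Either document that interaction in the man page entry for `-Z` or have the flag cover the rule counters as well. The same applies to the identical hunk in iptables/iptables-save.c. On style, the negated `if(` (missing space) and the second printf could be replaced by `if (display_zero_counters) count.pcnt = count.bcnt = 0;` placed ahead of the existing `printf("[%llu:%llu]\n", ...)`. do_output's body starts and ends outside the hunk.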
@@ -146,7 +152,7 @@ int ip6tables_save_main(int argc, char *argv[])
 	init_extensions6();
 #endif
 
-	while ((c = getopt_long(argc, argv, "bcdt:M:f:", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "bcZdt:M:f:", options, NULL)) != -1) {
 		switch (c) {
 		case 'b':
 			fprintf(stderr, "-b/--binary option is not implemented\n");
@@ -154,7 +160,9 @@ int ip6tables_save_main(int argc, char *argv[])
 		case 'c':
 			show_counters = 1;
 			break;
-
+		case 'Z':
+			display_zero_counters = true;
+			break;
 		case 't':
 			/* Select specific table. */
 			tablename = optarg;
diff --git a/iptables/iptables-save.8.in b/iptables/iptables-save.8.in
index 51e11f3e..76ea4ee0 100644
--- a/iptables/iptables-save.8.in
+++ b/iptables/iptables-save.8.in
@@ -24,10 +24,10 @@ iptables-save \(em dump iptables rules
 ip6tables-save \(em dump iptables rules
 .SH SYNOPSIS
 \fBiptables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
-[\fB\-t\fP \fItable\fP] [\fB\-f\fP \fIfilename\fP]
+[\fB\-Z\fP] [\fB\-t\fP \fItable\fP] [\fB\-f\fP \fIfilename\fP]
 .P
 \fBip6tables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
-[\fB\-t\fP \fItable\fP] [\fB\-f\fP \fIfilename\fP]
+[\fB\-Z\fP] [\fB\-t\fP \fItable\fP] [\fB\-f\fP \fIfilename\fP]
 .SH DESCRIPTION
 .PP
 .B iptables-save
@@ -47,6 +47,9 @@ will log to STDOUT.
 \fB\-c\fR, \fB\-\-counters\fR
 include the current values of all packet and byte counters in the output
 .TP
+\fB\-Z\fR, \fB\-\-zero\fR
+Display zero packet and byte chain counters when saving the ruleset.
+.TP
 \fB\-t\fR, \fB\-\-table\fR \fItablename\fP
 restrict output to only one table. If not specified, output includes all
 available tables.
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index d59bd34a..0885cb9f 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -19,10 +19,12 @@
 #include "iptables-multi.h"
 
 static int show_counters;
+static bool display_zero_counters;
 
 static const struct option options[] = {
 	{.name = "counters", .has_arg = false, .val = 'c'},
 	{.name = "dump",     .has_arg = false, .val = 'd'},
+	{.name = "zero",     .has_arg = false, .val = 'Z'},
 	{.name = "table",    .has_arg = true,  .val = 't'},
 	{.name = "modprobe", .has_arg = true,  .val = 'M'},
 	{.name = "file",     .has_arg = true,  .val = 'f'},
@@ -94,7 +96,11 @@ static int do_output(const char *tablename)
 			struct xt_counters count;
 			printf("%s ",
 			       iptc_get_policy(chain, &count, h));
-			printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
+			if(!display_zero_counters) {
+				printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
+			} else {
+				printf("[0:0]\n");
+			}
 		} else {
 			printf("- [0:0]\n");
 		}
@@ -145,7 +151,7 @@ iptables_save_main(int argc, char *argv[])
 	init_extensions4();
 #endif
 
-	while ((c = getopt_long(argc, argv, "bcdt:M:f:", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "bcZdt:M:f:", options, NULL)) != -1) {
 		switch (c) {
 		case 'b':
 			fprintf(stderr, "-b/--binary option is not implemented\n");
@@ -153,7 +159,9 @@ iptables_save_main(int argc, char *argv[])
 		case 'c':
 			show_counters = 1;
 			break;
-
+		case 'Z':
+			display_zero_counters = true;
+			break;
 		case 't':
 			/* Select specific table. */
 			tablename = optarg;
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 5b498b04..2c5d7cd3 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -27,10 +27,12 @@
 #endif
 
 static bool show_counters = false;
+static bool display_zero_counters = false;
 
 static const struct option options[] = {
 	{.name = "counters", .has_arg = false, .val = 'c'},
 	{.name = "dump",     .has_arg = false, .val = 'd'},
+	{.name = "zero",     .has_arg = false, .val = 'Z'},
 	{.name = "table",    .has_arg = true,  .val = 't'},
 	{.name = "modprobe", .has_arg = true,  .val = 'M'},
 	{.name = "file",     .has_arg = true,  .val = 'f'},
@@ -107,7 +109,7 @@ xtables_save_main(int family, const char *progname, int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	while ((c = getopt_long(argc, argv, "bcdt:M:f:46", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "bcZdt:M:f:46", options, NULL)) != -1) {
 		switch (c) {
 		case 'b':
 			fprintf(stderr, "-b/--binary option is not implemented\n");
@@ -115,7 +117,9 @@ xtables_save_main(int family, const char *progname, int argc, char *argv[])
 		case 'c':
 			show_counters = true;
 			break;
-
+		case 'Z':
+			display_zero_counters = true;
+			break;
 		case 't':
 			/* Select specific table. */
 			tablename = optarg;
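Review bot: `display_zero_counters` is set in this case but never read anywhere in xtables-save.c: the three hunks for this file (declaration and option entry, getopt string, this case) account for all 8 lines the diffstat reports, and none of them changes the output path, so `-Z` is accepted silently and has no effect for xtables-save. A silently ignored flag is worse than a rejected one for anyone scripting ruleset backups, because the dump then carries live counters the operator believed were zeroed. Either wire the flag into the chain-counter output as done in iptables-save.c, or leave `Z` out of this file's optstring and option table until it is implemented. The switch statement continues outside the hunk.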
-- 
2.11.0

