Re: Wrapper script for ipset listing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10.01.2013 16:19, Jozsef Kadlecsik wrote:

On Thu, 10 Jan 2013, Born Without wrote:


On 09.01.2013 12:52, Pablo Neira Ayuso wrote:
[...]


Suggestion: Some explicit header with licensing terms of your script
is a good idea if you want to share things, otherwise the law in most
countries defaults to "all right reserved".


[...]

Don't know much about them.
But I guess GPL 3 will do?


GPL 2 or 3 will do, whichever you prefer.


Also for Jozsef, if he would consider adding it to contrib?


Yes, of course.


One thing still is missing, to make it more foolproof, there's no checking for
supported ipset versions (i.e v2.x) in the script.
I only have 6.16.1 installed.
I don't know if the -v|--version option is persistent through ipset versions.


Yes, assuming the 6.x branch. But 4.x is not developed anymore and 5.x was
a very short lived branch. Please assume 6.x or above in your script.

In the ipset version string the first number always corresponds to the
protocol version. The second number indicates the release number and
sometimes there's a third number when a quick release with a very minor
change is required.


I don't know if the format of the version output is persistent through ipset
versions.


It may change partially, from this

ipset v6.14, protocol version: 6

to

ipset v7.Y, protocol versions: 6-7


I don't know from what version the \`list' action is valid (before it was -L i
think?).


Starting from 6.0 both syntax is valid.


I don't know if the plain listing output (header - members) is persistent
through ipset versions.


Yes, with the conditions I wrote previously, i.e. which prepares the
script to accept new header lines inserted before Members or new values
appended.


Thank you Jozsef for that information.

I chose GPL v3...
For version checking I just extract the first digit after 'ipset v'. Should be sufficient. 
The script doesn't check for new appended values, so nothing to do there.
Regarding headers it just checks for 'Name:' and 'Members:' to find them. Some checks included if it's expecting an header or not. 

Also changed the following:

- Added -i option to show only the members of a (single) selected set.
- Allow combination of -c and -t, to show headers and members sum of (selected) sets. 
- Add ipset version checking (allow 6.x and upwards).
- Check for BASH variable.
- Added version.
- Don't display member count (of 0) if an invalid set name is used.
- More exammples and comments.

Attached and hopefully bug-free

Best regards

Attachment: ipset_list_v1.tgz
Description: application/compressed

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux