[...]
As I was missing those features in the ipset set listing capabilities:
- show sum of set members
- suppress listing of headers
- choose a delimiter character for separating member entries
I wrote a little wrapper script (for the bash shell) to support them.
[...]
Good day everybody!
over the past two weeks I kept having ideas and implementing them.
The functional additions are:
- show sets which match an arithmetic comparison (==|!=|<|>|<=|>=) on
the sum of their elements.
- match on any header entry using an (ext)glob pattern. multiple
selections are ANDed and only sets containing all patterns are displayed.
- allow arithmetic comparison on any header with an integer value.
multiple selections are ANDed and only sets containing all patterns are
displayed.
- match on set elements using either a (ext)glob, or a regex (=~
operator) pattern. Sum of matches can be displayed with the -c option.
- added some shortcut options to match on header entries:
-Ht - match on set type.
-Hr - match on number of references.
-Hs - match on size in memory.
-Hv - match on the revision number.
I hope those features can be considered useful. opinions welcome.
Now I'm running out of ideas, so if anybody has some, I'll be gladly
considering any input.
I also reworked the help text (-h). But I've never done this before, so
I'm not sure if it's accurate and understandable. I'll paste it here,
maybe somebody here can tell me if I did something wrong.
./ipset_list -h
ipset set listing wrapper script
ipset_list [option [opt-arg]] [set-name] [...]
ipset_list -h | -n
ipset_list -t [-c] [-Mc [!|<|>|<=|>=]value]
[-Fh header-glob:value-glob] [...]
[-Fi header-glob:[!|<|>|<=|>=]value] [...] [-Ht type-glob]
[-Hr|-Hs|-Hv [!|<|>|<=|>=]value] [set-name] [...]
ipset_list -i [-r|-s] [-d char] [-Fg|-Fr pattern] set-name
ipset_list [-a|-c|-m|-r|-s] [-d char] [-Mc [!|<|>|<=|>=]value]
[-Fh header-glob:value-glob] [...]
[-Fi header-glob:[!|<|>|<=|>=]value] [...]
[-Fg|-Fr pattern] [-Ht type-glob]
[-Hr|-Hs|-Hv [!|<|>|<=|>=]value] [set-name] [...]
options:
-a show all information but with default delim (whitespace).
-c calculate members and match (-Fg|-Fr) sum.
-d delim delimiter character for separating member entries.
-h show this help text.
-i show only the members of a single set.
-m show set members.
-n show set names only (raw `ipset list -n' output).
-r try to resolve ip addresses in the output (slow!).
-s print elements sorted (if supported by the set type).
-t show set headers only.
-v version information.
-Fg pattern match set members using a [ext]glob pattern.
-Fr pattern match set members using a regex (=~ operator) pattern.
-Fh header-glob:value-glob [...]
show sets containing one or more ([ext]glob) matching headers.
-Fi header-glob:[!|<|>|<=|>=]value [...]
compare one or more integer valued header entries.
-Ht set-type-glob match on set type.
-Hr [!|<|>|<=|>=]value match on number of references (value=int).
-Hs [!|<|>|<=|>=]value match on size in memory (value=int).
-Hv [!|<|>|<=|>=]value match on revision number (value=int).
-Mc [!|<|>|<=|>=]value match on member count (value=int).
I hope with this and the examples in the code and on github, the
features are well enough documented.
I've tested the script as much as I could, but sure some testers would
be greatly welcome. So if anybody finds a bug, please let me know!
@Jozsef - please be sure to check github for eventually updated
versions, in case you put it in /contrib for ipset release.
Code and description are here:
https://github.com/AllKind/ipset_list
Considered 'good' versions archives are here:
https://github.com/AllKind/ipset_list/tags
Thank you for your time and interest!
Best regards
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
