author | laforge <laforge> | 2001-01-05 15:20:07 +0000 |
---|---|---|
committer | laforge <laforge> | 2001-01-05 15:20:07 +0000 |
commit | bd8fbd95c8f1854b6a070b6af3ce7ad66e462469 (patch) | |
tree | 1ce5b64143d7ca4b041fdb4f4a6e6cafbf61f056 | |
parent | 97d05306a169f2f5022cad575bada0156e6a2c9b (diff) |
o several changes / additions to libiptc:
- iptc_set_policy has additional argument 'counters' to be consistent
with iptc_get_policy
- added functions for counter manipulation
(iptc_read_counter, iptc_zero_counter, iptc_set_counter)
o iptables-save and iptables-restore manpage clarifications
o iptables-restore counter restoring for chain counters
-rw-r--r-- | ip6tables-standalone.c | 1 | ||||
-rw-r--r-- | ip6tables.c | 2 | ||||
-rw-r--r-- | iptables-restore.8 | 7 | ||||
-rw-r--r-- | iptables-restore.c | 34 | ||||
-rw-r--r-- | iptables-save.8 | 2 | ||||
-rw-r--r-- | iptables-save.c | 6 | ||||
-rw-r--r-- | iptables-standalone.c | 1 | ||||
-rw-r--r-- | iptables.c | 2 |
8 files changed, 45 insertions, 10 deletions
diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c index e2b10f8..f6b362c 100644 --- a/ip6tables-standalone.c +++ b/ip6tables-standalone.c @@ -25,6 +25,7 @@ */ #include <stdio.h> +#include <stdlib.h> #include <errno.h> #include <ip6tables.h> diff --git a/ip6tables.c b/ip6tables.c index 31e5f52..045b4ba 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1976,7 +1976,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) ret = ip6tc_rename_chain(chain, newname, handle); break; case CMD_SET_POLICY: - ret = ip6tc_set_policy(chain, policy, handle); + ret = ip6tc_set_policy(chain, policy, NULL, handle); break; default: /* We should never reach this... */ diff --git a/iptables-restore.8 b/iptables-restore.8 index cb0b902..590015e 100644 --- a/iptables-restore.8 +++ b/iptables-restore.8 @@ -44,10 +44,17 @@ This raises some dependency problems when using the unmodified output of .B iptables-restore as input for .B iptables-restore. +.PP Expect this to be fixed in the next iptables release. +.PP To make it work, reorder the output in a way that in every table, all user-defined chains are created before any other chain uses this chain as target. +.PP +.B iptables-restore +does only restore the counter values of the builtin chains, and +.B NOT +the individual counters of each rule. .SH AUTHOR Harald Welte <laforge@gnumonks.org> .SH SEE ALSO diff --git a/iptables-restore.c b/iptables-restore.c index 27ea4e3..dbee1b6 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -58,6 +58,10 @@ iptc_handle_t create_handle(const char *tablename) return handle; } +int parse_counters(char *string, struct ipt_counters *ctr) +{ + return (sscanf(string, "[%llu:%llu]", &ctr->pcnt, &ctr->bcnt) == 2); +} int main(int argc, char *argv[]) { 
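Review bot: parse_counters() in iptables-restore.c reports success for malformed counter fields, because sscanf() returns 2 as soon as both numbers have converted; a missing `]` or trailing text after it goes unnoticed. Anchoring the match with `%n` closes that gap: `int n = 0;` followed by `return sscanf(string, "[%llu:%llu]%n", &ctr->pcnt, &ctr->bcnt, &n) == 2 && n > 0 && string[n] == '\0';`. As far as this diff shows the helper is only used in this file, so it could be `static` and take `const char *string`. A one-line comment stating that it returns non-zero on success and expects the `[packets:bytes]` form written by iptables-save would help callers, which currently all ignore the result.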
@@ -159,8 +163,6 @@ int main(int argc, char *argv[]) /* New chain. */ char *policy, *chain; - /* FIXME: Don't ignore counters. */ - chain = strtok(buffer+1, " \t\n"); DEBUGP("line %u, chain '%s'\n", line, chain); if (!chain) { @@ -189,11 +191,24 @@ int main(int argc, char *argv[]) } if (strcmp(policy, "-") != 0) { + struct ipt_counters count; + + if (counters) { + char *ctrs; + ctrs = strtok(NULL, " \t\n"); + + parse_counters(ctrs, &count); + + } else { + memset(&count, 0, + sizeof(struct ipt_counters)); + } DEBUGP("Setting policy of chain %s to %s\n", chain, policy); - if (!iptc_set_policy(chain, policy, &handle)) + if (!iptc_set_policy(chain, policy, &count, + &handle)) exit_error(OTHER_PROBLEM, "Can't set policy `%s'" " on `%s' line %u: %s\n", @@ -207,16 +222,25 @@ int main(int argc, char *argv[]) char *newargv[1024]; int i,a; char *ptr = buffer; + char *ctrs = NULL; + struct ipt_counters count; - /* FIXME: Don't ignore counters. */ if (buffer[0] == '[') { ptr = strchr(buffer, ']'); if (!ptr) exit_error(PARAMETER_PROBLEM, "Bad line %u: need ]\n", line); + ctrs = strtok(ptr, " \t\n"); + } + + if (counters && ctrs) { + + parse_counters(ctrs, &count); } + /* FIXME: Don't ignore counters. */ + newargv[0] = argv[0]; newargv[1] = "-t"; newargv[2] = (char *) &curtable; @@ -225,7 +249,7 @@ int main(int argc, char *argv[]) /* strtok: a function only a coder could love */ for (i = 5; i < sizeof(newargv)/sizeof(char *); i++) { - if (!(newargv[i] = strtok(ptr, " \t\n"))) + if (!(newargv[i] = strtok(NULL, " \t\n"))) break; ptr = NULL; } diff --git a/iptables-save.8 b/iptables-save.8 index ff27354..32b70ef 100644 --- a/iptables-save.8 +++ b/iptables-save.8 
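Review bot: In the `@@ -189,11 +191,24 @@` hunk the policy counters are used without validation: `strtok(NULL, " \t\n")` returns NULL when the chain line has no counter field, and that NULL is passed straight to parse_counters() and on to sscanf(). The return value of parse_counters() is also ignored, so for a malformed field `count` stays uninitialised and its stack contents are handed to iptc_set_policy() as the chain counters. The restore file is external input, so the line should be rejected instead: `if (!ctrs || !parse_counters(ctrs, &count))` followed by `exit_error(PARAMETER_PROBLEM, "invalid policy counters for chain '%s' line %u\n", chain, line);`. main() begins and ends outside this hunk.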
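Review bot: In the `@@ -207,16 +222,25 @@` hunk `ctrs = strtok(ptr, " \t\n")` starts tokenising at the `]` that strchr() just found, so the token given to parse_counters() begins with `]` and can never match `[%llu:%llu]`. Tokenising from the start of the line, `ctrs = strtok(buffer, " \t\n");`, yields the whole `[pcnt:bcnt]` field. The parse result is ignored here as well, and `count` is not used again in the visible lines. Either check the result and fail with exit_error(), or leave the parsing out until the remaining FIXME is resolved, so that an uninitialised `count` cannot later be consumed by accident.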
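Review bot: The argument loop in the `@@ -225,7 +249,7 @@` hunk now calls `strtok(NULL, " \t\n")` on every iteration, but strtok() is only primed for the current line when that line starts with `[`. For a rule line without counters, the first call continues from whatever state the previous line left behind, unless code outside the hunks starts a new scan. The rule's arguments would then be dropped or taken from stale buffer contents. Keeping the loop as `if (!(newargv[i] = strtok(ptr, " \t\n")))` and adding `ptr = NULL;` right after the `ctrs = strtok(...)` call in the `[` branch handles both cases. A short comment on the shared strtok() state between the counter parsing and this loop would make the dependency visible.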
@@ -43,7 +43,9 @@ This raises some dependency problems when using the unmodified output of .B iptables-save as input for .B iptables-restore. +.PP Expect this to be fixed in the next iptables release. +.PP To make it work, reorder the output in a way that in every table, all user-defined chains are created before any other chain uses this chain as target. diff --git a/iptables-save.c b/iptables-save.c index 413e1ad..a97d448 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -145,7 +145,7 @@ static void print_rule(const struct ipt_entry *e, /* print counters */ if (counters) - printf("[%llu,%llu] ", e->counters.pcnt, e->counters.bcnt); + printf("[%llu:%llu] ", e->counters.pcnt, e->counters.bcnt); /* Print IP part. */ print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr, @@ -251,9 +251,9 @@ static int do_output(const char *tablename) struct ipt_counters count; printf("%s ", iptc_get_policy(chain, &count, &h)); - printf("%llu:%llu\n", count.pcnt, count.bcnt); + printf("[%llu:%llu]\n", count.pcnt, count.bcnt); } else { - printf("- 0 0\n"); + printf("- [0:0]\n"); } /* Dump out rules */ diff --git a/iptables-standalone.c b/iptables-standalone.c index 7bd3a48..102c0f3 100644 --- a/iptables-standalone.c +++ b/iptables-standalone.c @@ -27,6 +27,7 @@ #include <stdio.h> #include <stdlib.h> #include <errno.h> +#include <string.h> #include <iptables.h> int @@ -2195,7 +2195,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) ret = iptc_rename_chain(chain, newname, handle); break; case CMD_SET_POLICY: - ret = iptc_set_policy(chain, policy, handle); + ret = iptc_set_policy(chain, policy, NULL, handle); break; default: /* We should never reach this... */ |