From d8e6563430ab692cf093a81b9b6ac997739d9504 Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Fri, 5 Jan 2001 15:20:07 +0000
Subject: o serveral changes / additions to libiptc: - iptc_set_policy has additional argument 'counters' to be consistent with iptc_get_policy - added functions for counter manipulation (iptc_read_counter, iptc_zero_counter, iptc_set_counter) o iptables-save and iptables-restore manpage clearifications o iptables-restore counter restoring for chain counters
---
 ip6tables-standalone.c | 1 +
 ip6tables.c | 2 +-
 iptables-restore.8 | 7 +++++++
 iptables-restore.c | 34 +++++++++++++++++++++++++++++-----
 iptables-save.8 | 2 ++
 iptables-save.c | 6 +++---
 iptables-standalone.c | 1 +
 iptables.c | 2 +-
 8 files changed, 45 insertions(+), 10 deletions(-)
diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c
index e2b10f88..f6b362c2 100644
--- a/ip6tables-standalone.c
+++ b/ip6tables-standalone.c
@@ -25,6 +25,7 @@
 */
 #include
+#include
 #include
 #include
diff --git a/ip6tables.c b/ip6tables.c
index 31e5f528..045b4baa 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1976,7 +1976,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
 ret = ip6tc_rename_chain(chain, newname, handle);
 break;
 case CMD_SET_POLICY:
- ret = ip6tc_set_policy(chain, policy, handle);
+ ret = ip6tc_set_policy(chain, policy, NULL, handle);
 break;
 default:
 /* We should never reach this... */
diff --git a/iptables-restore.8 b/iptables-restore.8
index cb0b902c..590015e3 100644
--- a/iptables-restore.8
+++ b/iptables-restore.8
@@ -44,10 +44,17 @@ This raises some dependency problems when using the unmodified output of
 .B iptables-restore
 as input for
 .B iptables-restore.
+.PP
 Expect this to be fixed in the next iptables release.
+.PP
 To make it work, reorder the output in a way that in every table, all user-defined chains are created before any other chain uses this chain as target.
+.PP
+.B iptables-restore
+does only restore the counter values of the builtin chains, and
+.B NOT
+the individual counters of each rule.
 .SH AUTHOR
 Harald Welte
 .SH SEE ALSO
diff --git a/iptables-restore.c b/iptables-restore.c
index 27ea4e3c..dbee1b67 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -58,6 +58,10 @@ iptc_handle_t create_handle(const char *tablename)
 return handle;
 }
+int parse_counters(char *string, struct ipt_counters *ctr)
+{
+ return (sscanf(string, "[%llu:%llu]", &ctr->pcnt, &ctr->bcnt) == 2);
+}
 int main(int argc, char *argv[])
 {
@@ -159,8 +163,6 @@ int main(int argc, char *argv[])
 /* New chain. */
 char *policy, *chain;
- /* FIXME: Don't ignore counters. */
-
 chain = strtok(buffer+1, " \t\n");
 DEBUGP("line %u, chain '%s'\n", line, chain);
 if (!chain) {
@@ -189,11 +191,24 @@ int main(int argc, char *argv[])
 }
 if (strcmp(policy, "-") != 0) {
+ struct ipt_counters count;
+
+ if (counters) {
+ char *ctrs;
+ ctrs = strtok(NULL, " \t\n");
+
+ parse_counters(ctrs, &count);
+
+ } else {
+ memset(&count, 0,
+ sizeof(struct ipt_counters));
+ }
 DEBUGP("Setting policy of chain %s to %s\n", chain, policy);
- if (!iptc_set_policy(chain, policy, &handle))
+ if (!iptc_set_policy(chain, policy, &count,
+ &handle))
 exit_error(OTHER_PROBLEM, "Can't set policy `%s'" " on `%s' line %u: %s\n",
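Review bot: `parse_counters` reports success as soon as both numbers convert, because sscanf's return value counts only the two `%llu` conversions; the closing `]` in the format is never verified, so a field such as `[1:2` or `[1:2junk` is accepted. Out-of-range digit strings are not detected either, since sscanf gives no overflow indication. Parsing each field with `strtoull` (checking `errno == ERANGE` and the `:` and `]` delimiters) would reject malformed counter fields; a smaller step is the format `"[%llu:%llu]%n"` plus a check that the `%n` offset lands on the end of the token. The function could also be `static` and carry a one-line comment stating that it returns 1 on success and 0 on failure, which is easy to misread next to 0-on-success conventions.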
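Review bot: In the `if (counters)` branch of the policy hunk, `ctrs` is passed to `parse_counters` without a NULL check and the result is discarded. `strtok(NULL, " \t\n")` returns NULL when the chain line carries no counter field, which hands a null pointer to sscanf, and a field that fails to parse leaves `count` uninitialised before `&count` reaches `iptc_set_policy`. The restore file is external input, so such a line should be rejected instead: `if (!ctrs || !parse_counters(ctrs, &count)) exit_error(PARAMETER_PROBLEM, "invalid policy counters for chain '%s'\n", chain);`. The surrounding `main` body starts and ends outside this hunk.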
@@ -207,16 +222,25 @@ int main(int argc, char *argv[])
 char *newargv[1024];
 int i,a;
 char *ptr = buffer;
+ char *ctrs = NULL;
+ struct ipt_counters count;
- /* FIXME: Don't ignore counters. */
 if (buffer[0] == '[') {
 ptr = strchr(buffer, ']');
 if (!ptr) exit_error(PARAMETER_PROBLEM, "Bad line %u: need ]\n", line);
+ ctrs = strtok(ptr, " \t\n");
+ }
+
+ if (counters && ctrs) {
+
+ parse_counters(ctrs, &count);
 }
+ /* FIXME: Don't ignore counters. */
+
 newargv[0] = argv[0];
 newargv[1] = "-t";
 newargv[2] = (char *) &curtable;
@@ -225,7 +249,7 @@ int main(int argc, char *argv[])
 /* strtok: a function only a coder could love */
 for (i = 5; i < sizeof(newargv)/sizeof(char *); i++) {
- if (!(newargv[i] = strtok(ptr, " \t\n")))
+ if (!(newargv[i] = strtok(NULL, " \t\n")))
 break;
 ptr = NULL;
 }
diff --git a/iptables-save.8 b/iptables-save.8
index ff273549..32b70ef2 100644
--- a/iptables-save.8
+++ b/iptables-save.8
@@ -43,7 +43,9 @@ This raises some dependency problems when using the unmodified output of
 .B iptables-save
 as input for
 .B iptables-restore.
+.PP
 Expect this to be fixed in the next iptables release.
+.PP
 To make it work, reorder the output in a way that in every table, all user-defined chains are created before any other chain uses this chain as target.
diff --git a/iptables-save.c b/iptables-save.c
index 413e1ad3..a97d4481 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -145,7 +145,7 @@ static void print_rule(const struct ipt_entry *e,
 /* print counters */
 if (counters)
- printf("[%llu,%llu] ", e->counters.pcnt, e->counters.bcnt);
+ printf("[%llu:%llu] ", e->counters.pcnt, e->counters.bcnt);
 /* Print IP part. */
 print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr,
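Review bot: `ctrs = strtok(ptr, " \t\n")` starts tokenising at the `]` that `strchr` just located, so `ctrs` points at `]` rather than at the opening `[`, and `parse_counters`, whose format begins with `[`, cannot match it. Tokenising from the start of the line, `ctrs = strtok(buffer, " \t\n");`, keeps the whole counter field in one token. The return value of `parse_counters` is again ignored and `count` is not used afterwards in the visible lines, which matches the retained FIXME. Until rule counters are applied, a comment such as `/* rule counters are parsed but not yet restored */` would stop readers assuming otherwise. The enclosing block in `main` starts and ends outside this hunk.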
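Review bot: With the argument loop now calling `strtok(NULL, " \t\n")`, a rule line that does not begin with `[` is never handed to strtok in the visible code, so its arguments are taken from whatever state an earlier strtok call left behind rather than from the current `buffer`. The `ptr = NULL;` left in the loop body no longer has any effect. Keeping `strtok(ptr, " \t\n")` in the loop and setting `ptr = NULL;` inside the `[` branch once the counter token has been consumed handles both line shapes. The lines between this hunk and the previous one are not shown, so confirm that nothing there seeds strtok with the current line.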
@@ -251,9 +251,9 @@ static int do_output(const char *tablename)
 struct ipt_counters count;
 printf("%s ", iptc_get_policy(chain, &count, &h));
- printf("%llu:%llu\n", count.pcnt, count.bcnt);
+ printf("[%llu:%llu]\n", count.pcnt, count.bcnt);
 } else {
- printf("- 0 0\n");
+ printf("- [0:0]\n");
 }
 /* Dump out rules */
diff --git a/iptables-standalone.c b/iptables-standalone.c
index 7bd3a48f..102c0f39 100644
--- a/iptables-standalone.c
+++ b/iptables-standalone.c
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 #include
 int
diff --git a/iptables.c b/iptables.c
index e6b02889..2079b682 100644
--- a/iptables.c
+++ b/iptables.c
@@ -2195,7 +2195,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 ret = iptc_rename_chain(chain, newname, handle);
 break;
 case CMD_SET_POLICY:
- ret = iptc_set_policy(chain, policy, handle);
+ ret = iptc_set_policy(chain, policy, NULL, handle);
 break;
 default:
 /* We should never reach this... */
-- cgit v1.2.3