diff options
author | Elise Lennion <elise.lennion@gmail.com> | 2017-01-16 18:40:40 -0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-01-16 21:51:20 +0100 |
commit | c5a3c8918330f3b5af883ee5b071989e8917177b (patch) | |
tree | eb1afab56c3bd72c526f61e2ef3309ad4850a842 /src/main.c | |
parent | e3ec9362f0edad08834cb8ba66bc45fdb0bf33f5 (diff) |
src: Allow to list ruleset without stateful information
Currently only counter and quota have stateful information.
For named counters, packets and bytes are displayed as 0.
Standard list ruleset:
table ip filter {
counter https {
packets 161942 bytes 10253353
}
chain output {
type filter hook output priority 0; policy accept;
counter name tcp dport map { https : "https"}
tcp dport https counter packets 171211 bytes 10869045
tcp dport https quota 25 mbytes used 10 mbytes
}
}
With stateless option, -s:
table ip filter {
counter https {
packets 0 bytes 0
}
chain output {
type filter hook output priority 0; policy accept;
counter name tcp dport map { https : "https"}
tcp dport https counter
tcp dport https quota 25 mbytes
}
}
Signed-off-by: Elise Lennion <elise.lennion@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/main.c')
-rw-r--r-- | src/main.c | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -35,6 +35,7 @@ unsigned int handle_output; #ifdef DEBUG unsigned int debug_level; #endif +bool stateless_output; const char *include_paths[INCLUDE_PATHS_MAX] = { DEFAULT_INCLUDE_PATH }; static unsigned int num_include_paths = 1; @@ -46,13 +47,14 @@ enum opt_vals { OPT_INTERACTIVE = 'i', OPT_INCLUDEPATH = 'I', OPT_NUMERIC = 'n', + OPT_STATELESS = 's', OPT_IP2NAME = 'N', OPT_DEBUG = 'd', OPT_HANDLE_OUTPUT = 'a', OPT_INVALID = '?', }; -#define OPTSTRING "hvf:iI:vnNa" +#define OPTSTRING "hvf:iI:vnsNa" static const struct option options[] = { { @@ -77,6 +79,10 @@ static const struct option options[] = { .val = OPT_NUMERIC, }, { + .name = "stateless", + .val = OPT_STATELESS, + }, + { .name = "reversedns", .val = OPT_IP2NAME, }, @@ -116,6 +122,7 @@ static void show_help(const char *name) " -n, --numeric When specified once, show network addresses numerically (default behaviour).\n" " Specify twice to also show Internet services (port numbers) numerically.\n" " Specify three times to also show protocols, user IDs, and group IDs numerically.\n" +" -s, --stateless Omit stateful information of ruleset.\n" " -N Translate IP addresses to names.\n" " -a, --handle Output rule handle.\n" " -I, --includepath <directory> Add <directory> to the paths searched for include files.\n" @@ -283,6 +290,9 @@ int main(int argc, char * const *argv) case OPT_NUMERIC: numeric_output++; break; + case OPT_STATELESS: + stateless_output = true; + break; case OPT_IP2NAME: ip2name_output++; break; |