diff options
author | Phil Sutter <phil@nwl.cc> | 2019-07-22 12:16:19 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-23 21:14:40 +0200 |
commit | 43a87268372a2d2da1ec0d95cee60da0a6f83bff (patch) | |
tree | b22a5a6bd0812f22f6643e773b9851346763530d /iptables/nft-bridge.c | |
parent | 1b8210f84863115690332135f9cb58f679d447de (diff) |
ebtables-save: Fix counter formatting
The initial problem was 'ebtables-save -c' printing iptables-style
counters but at the same time not disabling ebtables-style counter
output (which was even printed in wrong format for ebtables-save).
The code around counter output was complicated enough to motivate a
larger rework:
* Make FMT_C_COUNTS indicate the appended counter style for ebtables.
* Use FMT_EBT_SAVE to distinguish between '-c' style counters and the
legacy pcnt/bcnt ones.
Consequently, ebtables-save sets format to:
FMT_NOCOUNTS - for no counters
FMT_EBT_SAVE - for iptables-style counters
FMT_EBT_SAVE | FMT_C_COUNTS - for '-c' style counters
For regular ebtables, list_rules() always sets FMT_C_COUNTS
(iptables-style counters are never used there) and FMT_NOCOUNTS if no
counters are requested.
The big plus is if neither FMT_NOCOUNTS nor FMT_C_COUNTS is set,
iptables-style counters are to be printed - both in iptables and
ebtables. This allows to drop the ebtables-specific 'save_counters'
callback.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-bridge.c')
-rw-r--r-- | iptables/nft-bridge.c | 39 |
1 files changed, 11 insertions, 28 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index ddfbee16..2e4b309b 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -21,8 +21,6 @@ #include "nft-bridge.h" #include "nft.h" -static bool ebt_legacy_counter_fmt; - void ebt_cs_clean(struct iptables_command_state *cs) { struct ebt_match *m, *nm; @@ -422,22 +420,6 @@ static void print_protocol(uint16_t ethproto, bool invert, unsigned int bitmask) printf("%s ", ent->e_name); } -static void nft_bridge_save_counters(const void *data) -{ - const char *ctr; - - if (ebt_legacy_counter_fmt) - return; - - ctr = getenv("EBTABLES_SAVE_COUNTER"); - if (ctr) { - ebt_legacy_counter_fmt = true; - return; - } - - save_counters(data); -} - static void nft_bridge_save_rule(const void *data, unsigned int format) { const struct iptables_command_state *cs = data; @@ -474,15 +456,16 @@ static void nft_bridge_save_rule(const void *data, unsigned int format) cs->target->print(&cs->fw, cs->target->t, format & FMT_NUMERIC); } - if (format & FMT_EBT_SAVE) - printf(" -c %"PRIu64" %"PRIu64"", - (uint64_t)cs->counters.pcnt, - (uint64_t)cs->counters.bcnt); - - if (!(format & FMT_NOCOUNTS)) - printf(" , pcnt = %"PRIu64" -- bcnt = %"PRIu64"", - (uint64_t)cs->counters.pcnt, - (uint64_t)cs->counters.bcnt); + if ((format & (FMT_NOCOUNTS | FMT_C_COUNTS)) == FMT_C_COUNTS) { + if (format & FMT_EBT_SAVE) + printf(" -c %"PRIu64" %"PRIu64"", + (uint64_t)cs->counters.pcnt, + (uint64_t)cs->counters.bcnt); + else + printf(" , pcnt = %"PRIu64" -- bcnt = %"PRIu64"", + (uint64_t)cs->counters.pcnt, + (uint64_t)cs->counters.bcnt); + } if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); @@ -763,7 +746,7 @@ struct nft_family_ops nft_family_ops_bridge = { .print_header = nft_bridge_print_header, .print_rule = nft_bridge_print_rule, .save_rule = nft_bridge_save_rule, - .save_counters = nft_bridge_save_counters, + .save_counters = save_counters, .save_chain = nft_bridge_save_chain, .post_parse = NULL, .rule_to_cs = nft_rule_to_ebtables_command_state, |