From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 2/9] iptables-save: remove binary dumping dead code
Date: Mon, 12 Sep 2011 11:32:53 +0200 [thread overview]
Message-ID: <20110912093253.GC2194@1984> (raw)
In-Reply-To: <1315755359-7012-3-git-send-email-jengelh@medozas.de>
On Sun, Sep 11, 2011 at 05:35:51PM +0200, Jan Engelhardt wrote:
> Was never implemented, kill it.
>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> ---
> iptables/ip6tables-save.c | 80 +++++++++++++++++++--------------------------
> iptables/iptables-save.c | 80 +++++++++++++++++++--------------------------
> 2 files changed, 68 insertions(+), 92 deletions(-)
>
> diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
> index ad0e70f..38b0c2f 100644
> --- a/iptables/ip6tables-save.c
> +++ b/iptables/ip6tables-save.c
> @@ -22,10 +22,9 @@
> #include <dlfcn.h>
> #endif
>
> -static int show_binary = 0, show_counters = 0;
> +static int show_counters = 0;
>
> static const struct option options[] = {
> - {.name = "binary", .has_arg = false, .val = 'b'},
Please, better something less agressive like displaying a message
telling "-b option was never implemented, ignoring it".
So if anyone, for some strange reason, is using it, their scripts will
not break.
I know this may sound a bit nitpicking but I think it's good to make
sure that we don't break anything.
Thanks.
> {.name = "counters", .has_arg = false, .val = 'c'},
> {.name = "dump", .has_arg = false, .val = 'd'},
> {.name = "table", .has_arg = true, .val = 't'},
> @@ -76,52 +75,45 @@ static int do_output(const char *tablename)
> xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
> ip6tc_strerror(errno));
>
> - if (!show_binary) {
> - time_t now = time(NULL);
> -
> - printf("# Generated by ip6tables-save v%s on %s",
> - IPTABLES_VERSION, ctime(&now));
> - printf("*%s\n", tablename);
> -
> - /* Dump out chain names first,
> - * thereby preventing dependency conflicts */
> - for (chain = ip6tc_first_chain(h);
> - chain;
> - chain = ip6tc_next_chain(h)) {
> -
> - printf(":%s ", chain);
> - if (ip6tc_builtin(chain, h)) {
> - struct ip6t_counters count;
> - printf("%s ",
> - ip6tc_get_policy(chain, &count, h));
> - printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
> - } else {
> - printf("- [0:0]\n");
> - }
> + time_t now = time(NULL);
> +
> + printf("# Generated by ip6tables-save v%s on %s",
> + IPTABLES_VERSION, ctime(&now));
> + printf("*%s\n", tablename);
> +
> + /* Dump out chain names first,
> + * thereby preventing dependency conflicts */
> + for (chain = ip6tc_first_chain(h);
> + chain;
> + chain = ip6tc_next_chain(h)) {
> +
> + printf(":%s ", chain);
> + if (ip6tc_builtin(chain, h)) {
> + struct ip6t_counters count;
> + printf("%s ",
> + ip6tc_get_policy(chain, &count, h));
> + printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
> + } else {
> + printf("- [0:0]\n");
> }
> + }
>
> + for (chain = ip6tc_first_chain(h);
> + chain;
> + chain = ip6tc_next_chain(h)) {
> + const struct ip6t_entry *e;
>
> - for (chain = ip6tc_first_chain(h);
> - chain;
> - chain = ip6tc_next_chain(h)) {
> - const struct ip6t_entry *e;
> -
> - /* Dump out rules */
> - e = ip6tc_first_rule(chain, h);
> - while(e) {
> - print_rule6(e, h, chain, show_counters);
> - e = ip6tc_next_rule(e, h);
> - }
> + /* Dump out rules */
> + e = ip6tc_first_rule(chain, h);
> + while(e) {
> + print_rule6(e, h, chain, show_counters);
> + e = ip6tc_next_rule(e, h);
> }
> -
> - now = time(NULL);
> - printf("COMMIT\n");
> - printf("# Completed on %s", ctime(&now));
> - } else {
> - /* Binary, huh? OK. */
> - xtables_error(OTHER_PROBLEM, "Binary NYI\n");
> }
>
> + now = time(NULL);
> + printf("COMMIT\n");
> + printf("# Completed on %s", ctime(&now));
> ip6tc_free(h);
>
> return 1;
> @@ -151,10 +143,6 @@ int ip6tables_save_main(int argc, char *argv[])
>
> while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
> switch (c) {
> - case 'b':
> - show_binary = 1;
> - break;
> -
> case 'c':
> show_counters = 1;
> break;
> diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
> index 73fba12..a25a186 100644
> --- a/iptables/iptables-save.c
> +++ b/iptables/iptables-save.c
> @@ -21,10 +21,9 @@
> #include <dlfcn.h>
> #endif
>
> -static int show_binary = 0, show_counters = 0;
> +static int show_counters = 0;
>
> static const struct option options[] = {
> - {.name = "binary", .has_arg = false, .val = 'b'},
> {.name = "counters", .has_arg = false, .val = 'c'},
> {.name = "dump", .has_arg = false, .val = 'd'},
> {.name = "table", .has_arg = true, .val = 't'},
> @@ -74,52 +73,45 @@ static int do_output(const char *tablename)
> xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
> iptc_strerror(errno));
>
> - if (!show_binary) {
> - time_t now = time(NULL);
> -
> - printf("# Generated by iptables-save v%s on %s",
> - IPTABLES_VERSION, ctime(&now));
> - printf("*%s\n", tablename);
> -
> - /* Dump out chain names first,
> - * thereby preventing dependency conflicts */
> - for (chain = iptc_first_chain(h);
> - chain;
> - chain = iptc_next_chain(h)) {
> -
> - printf(":%s ", chain);
> - if (iptc_builtin(chain, h)) {
> - struct ipt_counters count;
> - printf("%s ",
> - iptc_get_policy(chain, &count, h));
> - printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
> - } else {
> - printf("- [0:0]\n");
> - }
> + time_t now = time(NULL);
> +
> + printf("# Generated by iptables-save v%s on %s",
> + IPTABLES_VERSION, ctime(&now));
> + printf("*%s\n", tablename);
> +
> + /* Dump out chain names first,
> + * thereby preventing dependency conflicts */
> + for (chain = iptc_first_chain(h);
> + chain;
> + chain = iptc_next_chain(h)) {
> +
> + printf(":%s ", chain);
> + if (iptc_builtin(chain, h)) {
> + struct ipt_counters count;
> + printf("%s ",
> + iptc_get_policy(chain, &count, h));
> + printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
> + } else {
> + printf("- [0:0]\n");
> }
> + }
>
> + for (chain = iptc_first_chain(h);
> + chain;
> + chain = iptc_next_chain(h)) {
> + const struct ipt_entry *e;
>
> - for (chain = iptc_first_chain(h);
> - chain;
> - chain = iptc_next_chain(h)) {
> - const struct ipt_entry *e;
> -
> - /* Dump out rules */
> - e = iptc_first_rule(chain, h);
> - while(e) {
> - print_rule4(e, h, chain, show_counters);
> - e = iptc_next_rule(e, h);
> - }
> + /* Dump out rules */
> + e = iptc_first_rule(chain, h);
> + while(e) {
> + print_rule4(e, h, chain, show_counters);
> + e = iptc_next_rule(e, h);
> }
> -
> - now = time(NULL);
> - printf("COMMIT\n");
> - printf("# Completed on %s", ctime(&now));
> - } else {
> - /* Binary, huh? OK. */
> - xtables_error(OTHER_PROBLEM, "Binary NYI\n");
> }
>
> + now = time(NULL);
> + printf("COMMIT\n");
> + printf("# Completed on %s", ctime(&now));
> iptc_free(h);
>
> return 1;
> @@ -150,10 +142,6 @@ iptables_save_main(int argc, char *argv[])
>
> while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
> switch (c) {
> - case 'b':
> - show_binary = 1;
> - break;
> -
> case 'c':
> show_counters = 1;
> break;
> --
> 1.7.3.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-09-12 9:33 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
2011-09-11 15:35 ` [PATCH 1/9] libiptc: resolve compile failure Jan Engelhardt
2011-09-11 15:35 ` [PATCH 2/9] iptables-save: remove binary dumping dead code Jan Engelhardt
2011-09-12 9:32 ` Pablo Neira Ayuso [this message]
2011-09-12 10:48 ` Jan Engelhardt
2011-09-12 18:52 ` Pablo Neira Ayuso
2011-09-11 15:35 ` [PATCH 3/9] libiptc: remove unused HOOK_DROPPING thing Jan Engelhardt
2011-09-11 15:35 ` [PATCH 4/9] libiptc: combine common types Jan Engelhardt
2011-09-12 9:36 ` Pablo Neira Ayuso
2011-09-12 10:43 ` Jan Engelhardt
2011-09-12 18:38 ` Pablo Neira Ayuso
2011-09-11 15:35 ` [PATCH 5/9] libiptc: replace ipt_chainlabel by xt_chainlabel Jan Engelhardt
2011-09-11 15:35 ` [PATCH 6/9] libiptc: combine common types: _handle Jan Engelhardt
2011-09-11 15:35 ` [PATCH 7/9] src: resolve old macro names that are indirections Jan Engelhardt
2011-09-11 15:35 ` [PATCH 8/9] libiptc: use a family-invariant xtc_ops struct for code reduction Jan Engelhardt
2011-09-11 15:35 ` [PATCH 9/9] ip6tables-restore: make code look alike with iptables-restore Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110912093253.GC2194@1984 \
--to=pablo@netfilter.org \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.