From: Mohit Mehta <mohit.mehta@vyatta.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
Date: Tue, 17 Feb 2009 15:51:21 -0800 (PST) [thread overview]
Message-ID: <4994336.27091234914681076.JavaMail.root@tahiti.vyatta.com> (raw)
In-Reply-To: <13574679.27071234914513480.JavaMail.root@tahiti.vyatta.com>
iptc_zero_counter/ip6tc_zero_counter are functions available in libiptc to zero counters for a rule in a given chain. However, this is not exposed in iptables/ip6tables. The patch below exposes the underlying function to the user to zero out packet and byte counters for a specific rule.
build-vm-jenner:/jenner/pkgs/iptables# git diff -u 039683e8958bb161d3eaece4853898ee575bc0f5 iptables.c ip6tables.c
diff --git a/ip6tables.c b/ip6tables.c
index e146114..22612b6 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -79,9 +79,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
-#define NUMBER_OF_CMD 14
+#define CMD_ZERO_NUM 0x2000U
+#define NUMBER_OF_CMD 15
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S' };
+ 'Z', 'N', 'X', 'P', 'E', 'S' };
#define OPTION_OFFSET 256
@@ -165,6 +166,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '},
@@ -308,7 +310,8 @@ exit_printhelp(struct ip6tables_rule_match *matches)
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain] Zero counters in chain or all chains\n"
+" --zero -Z [chain[rulenum]]\n"
+" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1494,7 +1497,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
break;
case 'L':
- add_command(&command, CMD_LIST, CMD_ZERO,
+ add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM,
invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
@@ -1506,8 +1509,8 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
break;
case 'S':
- add_command(&command, CMD_LIST_RULES, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST_RULES,
+ CMD_ZERO|CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1533,6 +1536,11 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
+ if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!') {
+ rulenum = parse_rulenumber(argv[optind++]);
+ command = CMD_ZERO_NUM;
+ }
break;
case 'N':
@@ -2035,8 +2043,12 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
case CMD_ZERO:
ret = zero_entries(chain, options&OPT_VERBOSE, handle);
break;
+ case CMD_ZERO_NUM:
+ ret = ip6tc_zero_counter(chain, rulenum, handle);
+ break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
+ case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2047,9 +2059,12 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = ip6tc_zero_counter(chain, rulenum, handle);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
+ case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2057,6 +2072,8 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = ip6tc_zero_counter(chain, rulenum, handle);
break;
case CMD_NEW_CHAIN:
ret = ip6tc_create_chain(chain, handle);
diff --git a/iptables.c b/iptables.c
index bf3cbca..4e67925 100644
--- a/iptables.c
+++ b/iptables.c
@@ -76,9 +76,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
-#define NUMBER_OF_CMD 14
+#define CMD_ZERO_NUM 0x2000U
+#define NUMBER_OF_CMD 15
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S' };
+ 'Z', 'N', 'X', 'P', 'E', 'S' };
#define OPTION_OFFSET 256
@@ -165,6 +166,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '},
@@ -311,7 +313,8 @@ exit_printhelp(struct iptables_rule_match *matches)
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain] Zero counters in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1521,7 +1524,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
break;
case 'L':
- add_command(&command, CMD_LIST, CMD_ZERO,
+ add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM,
invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
@@ -1533,8 +1536,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
break;
case 'S':
- add_command(&command, CMD_LIST_RULES, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST_RULES,
+ CMD_ZERO|CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1560,6 +1563,11 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
+ if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!') {
+ rulenum = parse_rulenumber(argv[optind++]);
+ command = CMD_ZERO_NUM;
+ }
break;
case 'N':
@@ -2087,8 +2095,12 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
case CMD_ZERO:
ret = zero_entries(chain, options&OPT_VERBOSE, handle);
break;
+ case CMD_ZERO_NUM:
+ ret = iptc_zero_counter(chain, rulenum, handle);
+ break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
+ case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2099,9 +2111,12 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = iptc_zero_counter(chain, rulenum, handle);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
+ case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2109,6 +2124,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = iptc_zero_counter(chain, rulenum, handle);
break;
case CMD_NEW_CHAIN:
ret = iptc_create_chain(chain, handle);
build-vm-jenner:/jenner/pkgs/iptables#
Mohit Mehta
Vyatta Inc.
next parent reply other threads:[~2009-02-17 23:51 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <13574679.27071234914513480.JavaMail.root@tahiti.vyatta.com>
2009-02-17 23:51 ` Mohit Mehta [this message]
2009-02-18 18:40 ` [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables Patrick McHardy
2009-02-18 20:17 ` Mohit Mehta
2009-02-18 20:22 ` Jan Engelhardt
2009-02-18 20:32 ` Mohit Mehta
2009-02-19 10:21 ` Patrick McHardy
2009-02-19 19:41 ` Mohit Mehta
2009-02-19 20:11 ` Patrick McHardy
2009-08-19 17:56 ` Mohit Mehta
2009-08-19 20:41 ` Jan Engelhardt
2009-09-10 14:26 ` Jan Engelhardt
2009-09-10 16:24 ` Mohit Mehta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4994336.27091234914681076.JavaMail.root@tahiti.vyatta.com \
--to=mohit.mehta@vyatta.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.