iptables: hashlimit & conntrack misc

All of lore.kernel.org
 help / color / mirror / Atom feed

* iptables: hashlimit & conntrack misc
@ 2010-06-25 12:45 Jan Engelhardt
  2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Jan Engelhardt @ 2010-06-25 12:45 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel


The following changes since commit 11c2dd54b69e06ae3f35dea130ecba3df3859243:

  xtables: remove xtables_set_revision function (2010-06-07 12:00:24 +0200)

are available in the git repository at:
  git://dev.medozas.de/iptables master

Jan Engelhardt (2):
      libxt_hashlimit: always print burst value
      libxt_conntrack: do print netmask

 extensions/libxt_conntrack.c |   16 ++++++++++++----
 extensions/libxt_hashlimit.c |    6 ++----
 2 files changed, 14 insertions(+), 8 deletions(-)

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 1/2] libxt_hashlimit: always print burst value
  2010-06-25 12:45 iptables: hashlimit & conntrack misc Jan Engelhardt
@ 2010-06-25 12:45 ` Jan Engelhardt
  2010-06-25 12:49   ` Patrick McHardy
  2010-06-25 12:45 ` [PATCH 2/2] libxt_conntrack: do print netmask Jan Engelhardt
  2010-06-25 12:50 ` iptables: hashlimit & conntrack misc Patrick McHardy
  2 siblings, 1 reply; 5+ messages in thread
From: Jan Engelhardt @ 2010-06-25 12:45 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

iptables -L lists the burst value, and so should iptables -S. I was
certainly surprised to see it gone even when explicitly specifying
--hashlimit-burst 5 on the command line.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_hashlimit.c |    6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index a8fe588..7442dfc 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -591,8 +591,7 @@ static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
 	const struct xt_hashlimit_info *r = (const void *)match->data;
 
 	fputs("--hashlimit ", stdout); print_rate(r->cfg.avg);
-	if (r->cfg.burst != XT_HASHLIMIT_BURST)
-		printf("--hashlimit-burst %u ", r->cfg.burst);
+	printf("--hashlimit-burst %u ", r->cfg.burst);
 
 	fputs("--hashlimit-mode ", stdout);
 	print_mode(r->cfg.mode, ',');
@@ -617,8 +616,7 @@ hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
 	else
 		fputs("--hashlimit-upto ", stdout);
 	print_rate(info->cfg.avg);
-	if (info->cfg.burst != XT_HASHLIMIT_BURST)
-		printf("--hashlimit-burst %u ", info->cfg.burst);
+	printf("--hashlimit-burst %u ", info->cfg.burst);
 
 	if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
 	    XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH 2/2] libxt_conntrack: do print netmask
  2010-06-25 12:45 iptables: hashlimit & conntrack misc Jan Engelhardt
  2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
@ 2010-06-25 12:45 ` Jan Engelhardt
  2010-06-25 12:50 ` iptables: hashlimit & conntrack misc Patrick McHardy
  2 siblings, 0 replies; 5+ messages in thread
From: Jan Engelhardt @ 2010-06-25 12:45 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

References: http://bugzilla.netfilter.org/show_bug.cgi?id=659
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_conntrack.c |   16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index e8225e6..5557d3e 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -842,9 +842,13 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
 			return;
 		}
 		if (numeric)
-			printf("%s ", xtables_ipaddr_to_numeric(&addr->in));
+			printf("%s%s ",
+			       xtables_ipaddr_to_numeric(&addr->in),
+			       xtables_ipmask_to_numeric(&mask->in));
 		else
-			printf("%s ", xtables_ipaddr_to_anyname(&addr->in));
+			printf("%s%s ",
+			       xtables_ipaddr_to_anyname(&addr->in),
+			       xtables_ipmask_to_numeric(&mask->in));
 	} else if (family == NFPROTO_IPV6) {
 		if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
 		    addr->ip6[2] == 0 && addr->ip6[3] == 0) {
@@ -852,9 +856,13 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
 			return;
 		}
 		if (numeric)
-			printf("%s ", xtables_ip6addr_to_numeric(&addr->in6));
+			printf("%s%s ",
+			       xtables_ip6addr_to_numeric(&addr->in6),
+			       xtables_ip6mask_to_numeric(&mask->in6));
 		else
-			printf("%s ", xtables_ip6addr_to_anyname(&addr->in6));
+			printf("%s%s ",
+			       xtables_ip6addr_to_anyname(&addr->in6),
+			       xtables_ip6mask_to_numeric(&mask->in6));
 	}
 }
 
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] libxt_hashlimit: always print burst value
  2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
@ 2010-06-25 12:49   ` Patrick McHardy
  0 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2010-06-25 12:49 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> iptables -L lists the burst value, and so should iptables -S. I was
> certainly surprised to see it gone even when explicitly specifying
> --hashlimit-burst 5 on the command line.

I agree.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: iptables: hashlimit & conntrack misc
  2010-06-25 12:45 iptables: hashlimit & conntrack misc Jan Engelhardt
  2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
  2010-06-25 12:45 ` [PATCH 2/2] libxt_conntrack: do print netmask Jan Engelhardt
@ 2010-06-25 12:50 ` Patrick McHardy
  2 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2010-06-25 12:50 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> The following changes since commit 11c2dd54b69e06ae3f35dea130ecba3df3859243:
>
>   xtables: remove xtables_set_revision function (2010-06-07 12:00:24 +0200)
>
> are available in the git repository at:
>   git://dev.medozas.de/iptables master
>   

Pulled, thanks Jan.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-06-25 12:50 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-25 12:45 iptables: hashlimit & conntrack misc Jan Engelhardt
2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
2010-06-25 12:49   ` Patrick McHardy
2010-06-25 12:45 ` [PATCH 2/2] libxt_conntrack: do print netmask Jan Engelhardt
2010-06-25 12:50 ` iptables: hashlimit & conntrack misc Patrick McHardy

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.