From: Mohit Mehta <mohit.mehta@vyatta.com>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Netfilter Developer Mailing List <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
Date: Thu, 10 Sep 2009 09:24:01 -0700 (PDT) [thread overview]
Message-ID: <4281186.244991252599841498.JavaMail.root@tahiti.vyatta.com> (raw)
In-Reply-To: <alpine.LSU.2.00.0909101620240.24353@obet.zrqbmnf.qr>
Hi Jan,
Sorry for the delay in reponse. I thought you were making a statement :-) Also, thanks for cleaning up the whitespaces and man page stuff for the patch.
So, as you already mentioned in your previous post -
> wonder what the real-world use of this is, apart from
> rule debugging (for which -j TRACE seems better anyhow).
The motivation for exposing the existing library function for -Z # was to facilitate an easy way for the users to debug a specific rule. I think this is most useful when there's a couple hundred rules and the user wants to quickly check if a specific rule is getting hit by looking at its counters.
Honestly, I had not looked at the TRACE target before this and that as you point out is also useful in rule debugging. But I guess that resetting the counters of a rule would would come in handy when the user already has a target defined for a rule and wants to quickly test if the rule is getting hit for an expected traffic pattern as defined in the rule. Hopefully, other people will find this useful as well.
Mohit
----- Jan Engelhardt <jengelh@medozas.de> wrote:
> Hi Mohit,
>
>
> On Wednesday 2009-08-19 22:41, Jan Engelhardt wrote:
> >
> >>I was able to cleanly apply the attached modified patches to the
> >> latest iptables code. Also, below is the code in text if attachment
> >> doesn't reach.
> >>
> >>Subject: [PATCH] expose option to zero packet and byte counters for a specific rule using iptables
> >
> >
> >I wonder what the real-world use of this is, apart from
> >rule debugging (for which -j TRACE seems better anyhow).
>
> That was meant to be a question. Could you please let me know why
> exactly -Z # was needed? I guess there was some large value seen in it
> given you were sending it from Vyatta, so I would like to know. If it
> was just an experiment and TRACE and/or quota2 (Xta) was sufficient in
> regards to you accomplishing whatever the intention was to, please also
> let me know so that I can possibly discard the branch with your -Z#
> submission.
prev parent reply other threads:[~2009-09-10 16:23 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <13574679.27071234914513480.JavaMail.root@tahiti.vyatta.com>
2009-02-17 23:51 ` [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables Mohit Mehta
2009-02-18 18:40 ` Patrick McHardy
2009-02-18 20:17 ` Mohit Mehta
2009-02-18 20:22 ` Jan Engelhardt
2009-02-18 20:32 ` Mohit Mehta
2009-02-19 10:21 ` Patrick McHardy
2009-02-19 19:41 ` Mohit Mehta
2009-02-19 20:11 ` Patrick McHardy
2009-08-19 17:56 ` Mohit Mehta
2009-08-19 20:41 ` Jan Engelhardt
2009-09-10 14:26 ` Jan Engelhardt
2009-09-10 16:24 ` Mohit Mehta [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4281186.244991252599841498.JavaMail.root@tahiti.vyatta.com \
--to=mohit.mehta@vyatta.com \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).