From: Mohit Mehta <mohit.mehta@vyatta.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
Date: Tue, 17 Feb 2009 15:51:21 -0800 (PST) [thread overview]
Message-ID: <4994336.27091234914681076.JavaMail.root@tahiti.vyatta.com> (raw)
In-Reply-To: <13574679.27071234914513480.JavaMail.root@tahiti.vyatta.com>
iptc_zero_counter/ip6tc_zero_counter are functions available in libiptc to zero counters for a rule in a given chain. However, this is not exposed in iptables/ip6tables. The patch below exposes the underlying function to the user to zero out packet and byte counters for a specific rule.
build-vm-jenner:/jenner/pkgs/iptables# git diff -u 039683e8958bb161d3eaece4853898ee575bc0f5 iptables.c ip6tables.c
diff --git a/ip6tables.c b/ip6tables.c
index e146114..22612b6 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -79,9 +79,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
-#define NUMBER_OF_CMD 14
+#define CMD_ZERO_NUM 0x2000U
+#define NUMBER_OF_CMD 15
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S' };
+ 'Z', 'N', 'X', 'P', 'E', 'S' };
#define OPTION_OFFSET 256
@@ -165,6 +166,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '},
@@ -308,7 +310,8 @@ exit_printhelp(struct ip6tables_rule_match *matches)
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain] Zero counters in chain or all chains\n"
+" --zero -Z [chain[rulenum]]\n"
+" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1494,7 +1497,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
break;
case 'L':
- add_command(&command, CMD_LIST, CMD_ZERO,
+ add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM,
invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
@@ -1506,8 +1509,8 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
break;
case 'S':
- add_command(&command, CMD_LIST_RULES, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST_RULES,
+ CMD_ZERO|CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1533,6 +1536,11 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
+ if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!') {
+ rulenum = parse_rulenumber(argv[optind++]);
+ command = CMD_ZERO_NUM;
+ }
break;
case 'N':
@@ -2035,8 +2043,12 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
case CMD_ZERO:
ret = zero_entries(chain, options&OPT_VERBOSE, handle);
break;
+ case CMD_ZERO_NUM:
+ ret = ip6tc_zero_counter(chain, rulenum, handle);
+ break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
+ case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2047,9 +2059,12 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = ip6tc_zero_counter(chain, rulenum, handle);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
+ case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2057,6 +2072,8 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = ip6tc_zero_counter(chain, rulenum, handle);
break;
case CMD_NEW_CHAIN:
ret = ip6tc_create_chain(chain, handle);
diff --git a/iptables.c b/iptables.c
index bf3cbca..4e67925 100644
--- a/iptables.c
+++ b/iptables.c
@@ -76,9 +76,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
-#define NUMBER_OF_CMD 14
+#define CMD_ZERO_NUM 0x2000U
+#define NUMBER_OF_CMD 15
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S' };
+ 'Z', 'N', 'X', 'P', 'E', 'S' };
#define OPTION_OFFSET 256
@@ -165,6 +166,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '},
@@ -311,7 +313,8 @@ exit_printhelp(struct iptables_rule_match *matches)
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain] Zero counters in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1521,7 +1524,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
break;
case 'L':
- add_command(&command, CMD_LIST, CMD_ZERO,
+ add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM,
invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
@@ -1533,8 +1536,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
break;
case 'S':
- add_command(&command, CMD_LIST_RULES, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST_RULES,
+ CMD_ZERO|CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1560,6 +1563,11 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
+ if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!') {
+ rulenum = parse_rulenumber(argv[optind++]);
+ command = CMD_ZERO_NUM;
+ }
break;
case 'N':
@@ -2087,8 +2095,12 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
case CMD_ZERO:
ret = zero_entries(chain, options&OPT_VERBOSE, handle);
break;
+ case CMD_ZERO_NUM:
+ ret = iptc_zero_counter(chain, rulenum, handle);
+ break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
+ case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2099,9 +2111,12 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = iptc_zero_counter(chain, rulenum, handle);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
+ case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2109,6 +2124,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = iptc_zero_counter(chain, rulenum, handle);
break;
case CMD_NEW_CHAIN:
ret = iptc_create_chain(chain, handle);
build-vm-jenner:/jenner/pkgs/iptables#
Mohit Mehta
Vyatta Inc.
next parent reply other threads:[~2009-02-17 23:51 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <13574679.27071234914513480.JavaMail.root@tahiti.vyatta.com>
2009-02-17 23:51 ` Mohit Mehta [this message]
2009-02-18 18:40 ` [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables Patrick McHardy
2009-02-18 20:17 ` Mohit Mehta
2009-02-18 20:22 ` Jan Engelhardt
2009-02-18 20:32 ` Mohit Mehta
2009-02-19 10:21 ` Patrick McHardy
2009-02-19 19:41 ` Mohit Mehta
2009-02-19 20:11 ` Patrick McHardy
2009-08-19 17:56 ` Mohit Mehta
2009-08-19 20:41 ` Jan Engelhardt
2009-09-10 14:26 ` Jan Engelhardt
2009-09-10 16:24 ` Mohit Mehta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4994336.27091234914681076.JavaMail.root@tahiti.vyatta.com \
--to=mohit.mehta@vyatta.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).