iptables: hashlimit & conntrack misc

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* iptables: hashlimit & conntrack misc
@ 2010-06-25 12:45 Jan Engelhardt
  2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Jan Engelhardt @ 2010-06-25 12:45 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel


The following changes since commit 11c2dd54b69e06ae3f35dea130ecba3df3859243:

  xtables: remove xtables_set_revision function (2010-06-07 12:00:24 +0200)

are available in the git repository at:
  git://dev.medozas.de/iptables master

Jan Engelhardt (2):
      libxt_hashlimit: always print burst value
      libxt_conntrack: do print netmask

 extensions/libxt_conntrack.c |   16 ++++++++++++----
 extensions/libxt_hashlimit.c |    6 ++----
 2 files changed, 14 insertions(+), 8 deletions(-)

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 1/2] libxt_hashlimit: always print burst value
  2010-06-25 12:45 iptables: hashlimit & conntrack misc Jan Engelhardt
@ 2010-06-25 12:45 ` Jan Engelhardt
  2010-06-25 12:49   ` Patrick McHardy
  2010-06-25 12:45 ` [PATCH 2/2] libxt_conntrack: do print netmask Jan Engelhardt
  2010-06-25 12:50 ` iptables: hashlimit & conntrack misc Patrick McHardy
  2 siblings, 1 reply; 5+ messages in thread
From: Jan Engelhardt @ 2010-06-25 12:45 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

iptables -L lists the burst value, and so should iptables -S. I was
certainly surprised to see it gone even when explicitly specifying
--hashlimit-burst 5 on the command line.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_hashlimit.c |    6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index a8fe588..7442dfc 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -591,8 +591,7 @@ static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
 	const struct xt_hashlimit_info *r = (const void *)match->data;
 
 	fputs("--hashlimit ", stdout); print_rate(r->cfg.avg);
-	if (r->cfg.burst != XT_HASHLIMIT_BURST)
-		printf("--hashlimit-burst %u ", r->cfg.burst);
+	printf("--hashlimit-burst %u ", r->cfg.burst);
 
 	fputs("--hashlimit-mode ", stdout);
 	print_mode(r->cfg.mode, ',');
@@ -617,8 +616,7 @@ hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
 	else
 		fputs("--hashlimit-upto ", stdout);
 	print_rate(info->cfg.avg);
-	if (info->cfg.burst != XT_HASHLIMIT_BURST)
-		printf("--hashlimit-burst %u ", info->cfg.burst);
+	printf("--hashlimit-burst %u ", info->cfg.burst);
 
 	if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
 	    XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH 2/2] libxt_conntrack: do print netmask
  2010-06-25 12:45 iptables: hashlimit & conntrack misc Jan Engelhardt
  2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
@ 2010-06-25 12:45 ` Jan Engelhardt
  2010-06-25 12:50 ` iptables: hashlimit & conntrack misc Patrick McHardy
  2 siblings, 0 replies; 5+ messages in thread
From: Jan Engelhardt @ 2010-06-25 12:45 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

References: http://bugzilla.netfilter.org/show_bug.cgi?id=659
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_conntrack.c |   16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index e8225e6..5557d3e 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -842,9 +842,13 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
 			return;
 		}
 		if (numeric)
-			printf("%s ", xtables_ipaddr_to_numeric(&addr->in));
+			printf("%s%s ",
+			       xtables_ipaddr_to_numeric(&addr->in),
+			       xtables_ipmask_to_numeric(&mask->in));
 		else
-			printf("%s ", xtables_ipaddr_to_anyname(&addr->in));
+			printf("%s%s ",
+			       xtables_ipaddr_to_anyname(&addr->in),
+			       xtables_ipmask_to_numeric(&mask->in));
 	} else if (family == NFPROTO_IPV6) {
 		if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
 		    addr->ip6[2] == 0 && addr->ip6[3] == 0) {
@@ -852,9 +856,13 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
 			return;
 		}
 		if (numeric)
-			printf("%s ", xtables_ip6addr_to_numeric(&addr->in6));
+			printf("%s%s ",
+			       xtables_ip6addr_to_numeric(&addr->in6),
+			       xtables_ip6mask_to_numeric(&mask->in6));
 		else
-			printf("%s ", xtables_ip6addr_to_anyname(&addr->in6));
+			printf("%s%s ",
+			       xtables_ip6addr_to_anyname(&addr->in6),
+			       xtables_ip6mask_to_numeric(&mask->in6));
 	}
 }
 
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] libxt_hashlimit: always print burst value
  2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
@ 2010-06-25 12:49   ` Patrick McHardy
  0 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2010-06-25 12:49 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> iptables -L lists the burst value, and so should iptables -S. I was
> certainly surprised to see it gone even when explicitly specifying
> --hashlimit-burst 5 on the command line.

I agree.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: iptables: hashlimit & conntrack misc
  2010-06-25 12:45 iptables: hashlimit & conntrack misc Jan Engelhardt
  2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
  2010-06-25 12:45 ` [PATCH 2/2] libxt_conntrack: do print netmask Jan Engelhardt
@ 2010-06-25 12:50 ` Patrick McHardy
  2 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2010-06-25 12:50 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> The following changes since commit 11c2dd54b69e06ae3f35dea130ecba3df3859243:
>
>   xtables: remove xtables_set_revision function (2010-06-07 12:00:24 +0200)
>
> are available in the git repository at:
>   git://dev.medozas.de/iptables master
>   

Pulled, thanks Jan.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-06-25 12:50 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-25 12:45 iptables: hashlimit & conntrack misc Jan Engelhardt
2010-06-25 12:45 ` [PATCH 1/2] libxt_hashlimit: always print burst value Jan Engelhardt
2010-06-25 12:49   ` Patrick McHardy
2010-06-25 12:45 ` [PATCH 2/2] libxt_conntrack: do print netmask Jan Engelhardt
2010-06-25 12:50 ` iptables: hashlimit & conntrack misc Patrick McHardy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).