* [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables [not found] <13574679.27071234914513480.JavaMail.root@tahiti.vyatta.com> @ 2009-02-17 23:51 ` Mohit Mehta 2009-02-18 18:40 ` Patrick McHardy 0 siblings, 1 reply; 12+ messages in thread From: Mohit Mehta @ 2009-02-17 23:51 UTC (permalink / raw) To: netfilter-devel iptc_zero_counter/ip6tc_zero_counter are functions available in libiptc to zero counters for a rule in a given chain. However, this is not exposed in iptables/ip6tables. The patch below exposes the underlying function to the user to zero out packet and byte counters for a specific rule. build-vm-jenner:/jenner/pkgs/iptables# git diff -u 039683e8958bb161d3eaece4853898ee575bc0f5 iptables.c ip6tables.c diff --git a/ip6tables.c b/ip6tables.c index e146114..22612b6 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -79,9 +79,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPTION_OFFSET 256 @@ -165,6 +166,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '}, 
@@ -308,7 +310,8 @@ exit_printhelp(struct ip6tables_rule_match *matches) " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain[rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" @@ -1494,7 +1497,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1506,8 +1509,8 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1533,6 +1536,11 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -2035,8 +2043,12 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, handle); break; + case CMD_ZERO_NUM: + ret = ip6tc_zero_counter(chain, rulenum, handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, 
@@ -2047,9 +2059,12 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, @@ -2057,6 +2072,8 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, handle); break; case CMD_NEW_CHAIN: ret = ip6tc_create_chain(chain, handle); diff --git a/iptables.c b/iptables.c index bf3cbca..4e67925 100644 --- a/iptables.c +++ b/iptables.c @@ -76,9 +76,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPTION_OFFSET 256 @@ -165,6 +166,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '}, 
@@ -311,7 +313,8 @@ exit_printhelp(struct iptables_rule_match *matches) " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain [rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" @@ -1521,7 +1524,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1533,8 +1536,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1560,6 +1563,11 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -2087,8 +2095,12 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, handle); break; + case CMD_ZERO_NUM: + ret = iptc_zero_counter(chain, rulenum, handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, 
@@ -2099,9 +2111,12 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, @@ -2109,6 +2124,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, handle); break; case CMD_NEW_CHAIN: ret = iptc_create_chain(chain, handle); build-vm-jenner:/jenner/pkgs/iptables# Mohit Mehta Vyatta Inc. ^ permalink raw reply related [flat|nested] 12+ messages in thread
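Review bot: In the `case 'Z':` hunk of both do_command() and do_command6(), `command = CMD_ZERO_NUM;` assigns over whatever `command` already holds instead of going through add_command(), so a command bit set earlier on the same command line (for instance CMD_LIST from a preceding -L) is silently lost. The `CMD_LIST|CMD_ZERO_NUM` and `CMD_LIST_RULES|CMD_ZERO_NUM` cases added further down are then only reachable when -L or -S comes after -Z. Suggest registering the new command through add_command() with the mask of commands it may be combined with, as the 'L' and 'S' branches do, so the result does not depend on option order.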
* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
From: Patrick McHardy @ 2009-02-18 18:40 UTC
To: Mohit Mehta; +Cc: netfilter-devel

Mohit Mehta wrote:
> iptc_zero_counter/ip6tc_zero_counter are functions available in libiptc to zero counters for a rule in a given chain. However, this is not exposed in iptables/ip6tables. The patch below exposes the underlying function to the user to zero out packet and byte counters for a specific rule.

Exposing this seems useful, the patch doesn't apply to the current git version though:

8 out of 9 hunks FAILED -- saving rejects to file ip6tables.c.rej
8 out of 9 hunks FAILED -- saving rejects to file iptables.c.rej

Please rediff your patch against the current tree.

* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables 2009-02-18 18:40 ` Patrick McHardy @ 2009-02-18 20:17 ` Mohit Mehta 2009-02-18 20:22 ` Jan Engelhardt 2009-02-19 10:21 ` Patrick McHardy 0 siblings, 2 replies; 12+ messages in thread From: Mohit Mehta @ 2009-02-18 20:17 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel > Please rediff your patch against the current tree. diff for iptables.c - --- iptables.c.orig 2009-02-18 11:26:31.000000000 -0800 +++ iptables.c 2009-02-18 11:38:30.000000000 -0800 @@ -76,9 +76,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPTION_OFFSET 256 @@ -165,6 +166,7 @@ static char commands_v_options[NUMBER_OF /*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '}, @@ -311,7 +313,8 @@ exit_printhelp(struct iptables_rule_matc " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain[rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" 
@@ -1521,7 +1524,7 @@ int do_command(int argc, char *argv[], c break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1533,8 +1536,8 @@ int do_command(int argc, char *argv[], c break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1560,6 +1563,11 @@ int do_command(int argc, char *argv[], c else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -2094,8 +2102,12 @@ int do_command(int argc, char *argv[], c case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, handle); break; + case CMD_ZERO_NUM: + ret = iptc_zero_counter(chain, rulenum, handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, @@ -2106,9 +2118,12 @@ int do_command(int argc, char *argv[], c if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, 
@@ -2116,6 +2131,8 @@ int do_command(int argc, char *argv[], c if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, handle); break; case CMD_NEW_CHAIN: ret = iptc_create_chain(chain, handle); diff for ip6tables.c - --- ip6tables.c.orig 2009-02-18 11:44:04.000000000 -0800 +++ ip6tables.c 2009-02-18 11:50:51.000000000 -0800 @@ -79,9 +79,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPTION_OFFSET 256 @@ -166,6 +167,7 @@ static char commands_v_options[NUMBER_OF /*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '}, @@ -309,7 +311,8 @@ exit_printhelp(struct ip6tables_rule_mat " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain[rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" 
@@ -1508,7 +1511,7 @@ int do_command6(int argc, char *argv[], break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1520,8 +1523,8 @@ int do_command6(int argc, char *argv[], break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1547,6 +1550,11 @@ int do_command6(int argc, char *argv[], else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -2062,8 +2070,12 @@ int do_command6(int argc, char *argv[], case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, handle); break; + case CMD_ZERO_NUM: + ret = ip6tc_zero_counter(chain, rulenum, handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, @@ -2074,9 +2086,12 @@ int do_command6(int argc, char *argv[], if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, @@ -2084,6 +2099,8 @@ int do_command6(int argc, char *argv[], if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, handle); break; case CMD_NEW_CHAIN: ret = ip6tc_create_chain(chain, handle); ----- Original Message ----- 
From: "Patrick McHardy" <kaber@trash.net> To: "Mohit Mehta" <mohit.mehta@vyatta.com> Cc: netfilter-devel@vger.kernel.org Sent: Wednesday, February 18, 2009 10:40:35 AM (GMT-0800) Auto-Detected Subject: Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables Mohit Mehta wrote: > iptc_zero_counter/ip6tc_zero_counter are functions available in libiptc to zero counters for a rule in a given chain. However, this is not exposed in iptables/ip6tables. The patch below exposes the underlying function to the user to zero out packet and byte counters for a specific rule. Exposing this seems useful, the patch doesn't apply to the current git version though: 8 out of 9 hunks FAILED -- saving rejects to file ip6tables.c.rej 8 out of 9 hunks FAILED -- saving rejects to file iptables.c.rej Please rediff your patch against the current tree. ^ permalink raw reply [flat|nested] 12+ messages in thread
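Review bot: The usage string in the exit_printhelp() hunks of both iptables.c and ip6tables.c reads `-Z [chain[rulenum]]`, without the space used by the neighbouring `-S [chain [rulenum]]` line, and the description underneath still says only "Zero counters in chain or all chains". Suggest `-Z [chain [rulenum]]` and a description that also mentions zeroing the counters of a single rule, so the help output documents the form this patch adds.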
* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables 2009-02-18 20:17 ` Mohit Mehta @ 2009-02-18 20:22 ` Jan Engelhardt 2009-02-18 20:32 ` Mohit Mehta 2009-02-19 10:21 ` Patrick McHardy 1 sibling, 1 reply; 12+ messages in thread From: Jan Engelhardt @ 2009-02-18 20:22 UTC (permalink / raw) To: Mohit Mehta; +Cc: Patrick McHardy, netfilter-devel On Wednesday 2009-02-18 21:17, Mohit Mehta wrote: >> Please rediff your patch against the current tree. > >diff for iptables.c - If you have trouble generating patches quickly, I can suggest the use of the following tools: - quilt (quilt new mywork.diff; quilt edit iptables.c; quilt ref; grab patch from patches/ directory) - git (git clone; edit files; git add; git commit; git-export-patch) - or git with stgit (stg new mywork.diff; edit; stg ref; stg export...) >@@ -2116,6 +2131,8 @@ int do_command(int argc, char *argv[], c > if (ret && (command & CMD_ZERO)) > ret = zero_entries(chain, > options&OPT_VERBOSE, handle); >+ if (ret && (command & CMD_ZERO_NUM)) >+ ret = iptc_zero_counter(chain, rulenum, handle); > break; > case CMD_NEW_CHAIN: > ret = iptc_create_chain(chain, handle); > > > > > > >diff for ip6tables.c - > >--- ip6tables.c.orig 2009-02-18 11:44:04.000000000 -0800 >+++ ip6tables.c 2009-02-18 11:50:51.000000000 -0800 >@@ -79,9 +79,10 @@ > #define CMD_SET_POLICY 0x0400U > #define CMD_RENAME_CHAIN 0x0800U > #define CMD_LIST_RULES 0x1000U >-#define NUMBER_OF_CMD 14 >+#define CMD_ZERO_NUM 0x2000U >+#define NUMBER_OF_CMD 15 > static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', >- 'N', 'X', 'P', 'E', 'S' }; >+ 'Z', 'N', 'X', 'P', 'E', 'S' }; > > #define OPTION_OFFSET 256 > ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
From: Mohit Mehta @ 2009-02-18 20:32 UTC
To: Jan Engelhardt; +Cc: Patrick McHardy, netfilter-devel

>If you have trouble generating patches quickly, I can suggest the
>use of the following tools:
> - quilt
>   (quilt new mywork.diff; quilt edit iptables.c; quilt ref;
>   grab patch from patches/ directory)
> - git
>   (git clone; edit files; git add; git commit; git-export-patch)
> - or git with stgit
>   (stg new mywork.diff; edit; stg ref; stg export...)

Thanks for these suggestions. It should be noted that I did these changes to the latest source that I grabbed from Debian sid. Maybe I should have just git cloned it from the iptables repository. Let me know if these aren't any good and I'll patch 'em against the most current version of iptables.

----- Original Message -----
From: "Jan Engelhardt" <jengelh@medozas.de>
To: "Mohit Mehta" <mohit.mehta@vyatta.com>
Cc: "Patrick McHardy" <kaber@trash.net>, netfilter-devel@vger.kernel.org
Sent: Wednesday, February 18, 2009 12:22:05 PM (GMT-0800) Auto-Detected
Subject: Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables

On Wednesday 2009-02-18 21:17, Mohit Mehta wrote:
>> Please rediff your patch against the current tree.
>
>diff for iptables.c -

If you have trouble generating patches quickly, I can suggest the
use of the following tools:
 - quilt
   (quilt new mywork.diff; quilt edit iptables.c; quilt ref;
   grab patch from patches/ directory)
 - git
   (git clone; edit files; git add; git commit; git-export-patch)
 - or git with stgit
   (stg new mywork.diff; edit; stg ref; stg export...)

>@@ -2116,6 +2131,8 @@ int do_command(int argc, char *argv[], c > if (ret && (command & CMD_ZERO)) > ret = zero_entries(chain, > options&OPT_VERBOSE, handle); >+ if (ret && (command & CMD_ZERO_NUM)) >+ ret = iptc_zero_counter(chain, rulenum, handle); > break; > case CMD_NEW_CHAIN: > ret = iptc_create_chain(chain, handle); > > > > > > >diff for ip6tables.c - > >--- ip6tables.c.orig 2009-02-18 11:44:04.000000000 -0800 >+++ ip6tables.c 2009-02-18 11:50:51.000000000 -0800 >@@ -79,9 +79,10 @@ > #define CMD_SET_POLICY 0x0400U > #define CMD_RENAME_CHAIN 0x0800U > #define CMD_LIST_RULES 0x1000U >-#define NUMBER_OF_CMD 14 >+#define CMD_ZERO_NUM 0x2000U >+#define NUMBER_OF_CMD 15 > static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', >- 'N', 'X', 'P', 'E', 'S' }; >+ 'Z', 'N', 'X', 'P', 'E', 'S' }; > > #define OPTION_OFFSET 256 > ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
From: Patrick McHardy @ 2009-02-19 10:21 UTC
To: Mohit Mehta; +Cc: netfilter-devel

Mohit Mehta wrote:
>> Please rediff your patch against the current tree.
>
> diff for iptables.c -
>
> --- iptables.c.orig 2009-02-18 11:26:31.000000000 -0800
> +++ iptables.c 2009-02-18 11:38:30.000000000 -0800

That patch is whitespace-mangled and also doesn't apply.

* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables 2009-02-19 10:21 ` Patrick McHardy @ 2009-02-19 19:41 ` Mohit Mehta 2009-02-19 20:11 ` Patrick McHardy 0 siblings, 1 reply; 12+ messages in thread From: Mohit Mehta @ 2009-02-19 19:41 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel Hopefully, this works - diff --git a/ip6tables.c b/ip6tables.c index 06c0a60..d524f6a 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -80,9 +80,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPT_NONE 0x00000U #define OPT_NUMERIC 0x00001U @@ -172,6 +173,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '}, @@ -268,7 +270,8 @@ exit_printhelp(struct xtables_rule_match *matches) " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain[rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" 
@@ -1377,7 +1380,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1389,8 +1392,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1416,6 +1419,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -1950,8 +1958,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, *handle); break; + case CMD_ZERO_NUM: + ret = ip6tc_zero_counter(chain, rulenum, handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, @@ -1962,9 +1974,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, 
@@ -1972,6 +1987,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, handle); break; case CMD_NEW_CHAIN: ret = ip6tc_create_chain(chain, *handle); diff --git a/iptables.c b/iptables.c index a8e97c7..61ddbde 100644 --- a/iptables.c +++ b/iptables.c @@ -77,9 +77,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPT_NONE 0x00000U #define OPT_NUMERIC 0x00001U @@ -173,6 +174,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '}, @@ -282,7 +284,8 @@ exit_printhelp(struct xtables_rule_match *matches) " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain[rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" 
@@ -1400,7 +1403,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1412,8 +1415,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1439,6 +1442,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -1992,8 +2000,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, *handle); break; + case CMD_ZERO_NUM: + ret = iptc_zero_counter(chain, rulenum, handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, @@ -2004,9 +2016,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, 
@@ -2014,6 +2029,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, handle); break; case CMD_NEW_CHAIN: ret = iptc_create_chain(chain, *handle); ----- Original Message ----- From: "Patrick McHardy" <kaber@trash.net> To: "Mohit Mehta" <mohit.mehta@vyatta.com> Cc: netfilter-devel@vger.kernel.org Sent: Thursday, February 19, 2009 2:21:31 AM (GMT-0800) Auto-Detected Subject: Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables Mohit Mehta wrote: >> Please rediff your patch against the current tree. > > diff for iptables.c - > > --- iptables.c.orig 2009-02-18 11:26:31.000000000 -0800 > +++ iptables.c 2009-02-18 11:38:30.000000000 -0800 That patch is whitespace-mangled and also doesn't apply. ^ permalink raw reply related [flat|nested] 12+ messages in thread
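Review bot: The added `iptc_zero_counter(chain, rulenum, handle)` and `ip6tc_zero_counter(chain, rulenum, handle)` calls pass `handle`, which per the do_command()/do_command6() signatures in the hunk headers is now `struct iptc_handle **` / `struct ip6tc_handle **`, while every neighbouring call in the same hunks (zero_entries(), iptc_create_chain(), ip6tc_create_chain()) passes `*handle`. All three new call sites in each file should pass `*handle` to match the rediffed tree.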
* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
From: Patrick McHardy @ 2009-02-19 20:11 UTC
To: Mohit Mehta; +Cc: netfilter-devel

Mohit Mehta wrote:
> Hopefully, this works -

It does not. Try sending to yourself first and applying it yourself. And I'd suggest not to use a web based client:

X-Mailer: Zimbra 5.0.11_GA_2696.RHEL4 (ZimbraWebClient - FF3.0 (Win)/5.0.11_GA_2696.RHEL4)

* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables 2009-02-19 20:11 ` Patrick McHardy @ 2009-08-19 17:56 ` Mohit Mehta 2009-08-19 20:41 ` Jan Engelhardt 0 siblings, 1 reply; 12+ messages in thread From: Mohit Mehta @ 2009-08-19 17:56 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel [-- Attachment #1: Type: text/plain, Size: 11706 bytes --] I was able to cleanly apply the attached modified patches to the latest iptables code. Also, below is the code in text if attachment doesn't reach. build-vm:/# cat iptables.c.patch >From 4dbfcfeb9fc65df7fac1f16230871c02a85b4ea1 Mon Sep 17 00:00:00 2001 From: root <root@build-vm.(none)> Date: Tue, 7 Jul 2009 14:03:50 -0700 Subject: [PATCH] expose option to zero packet and byte counters for a specific rule using iptables --- iptables.c | 29 +++++++++++++++++++++++------ 1 files changed, 23 insertions(+), 6 deletions(-) diff --git a/iptables.c b/iptables.c index a229c35..53c2d56 100644 --- a/iptables.c +++ b/iptables.c @@ -78,9 +78,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPT_NONE 0x00000U #define OPT_NUMERIC 0x00001U @@ -172,6 +173,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '}, 
@@ -280,7 +282,8 @@ exit_printhelp(struct xtables_rule_match *matches) " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain [rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" @@ -1399,7 +1402,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1411,8 +1414,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1438,6 +1441,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -1994,8 +2002,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, *handle); break; + case CMD_ZERO_NUM: + ret = iptc_zero_counter(chain, rulenum, *handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, 
@@ -2006,9 +2018,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, *handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, @@ -2016,6 +2031,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, *handle); break; case CMD_NEW_CHAIN: ret = iptc_create_chain(chain, *handle); -- 1.5.6.5 build-vm:/# cat ip6tables.c.patch >From 8f98a64ad2a2b312a3b9c94a0f79145bf04c6391 Mon Sep 17 00:00:00 2001 From: root <root@build-vm.(none)> Date: Tue, 7 Jul 2009 14:17:40 -0700 Subject: [PATCH] expose option to zero packet and byte counters for a specific rule using ip6tables --- ip6tables.c | 29 +++++++++++++++++++++++------ 1 files changed, 23 insertions(+), 6 deletions(-) diff --git a/ip6tables.c b/ip6tables.c index f974fb1..849e94d 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -81,9 +81,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPT_NONE 0x00000U #define OPT_NUMERIC 0x00001U 
@@ -172,6 +173,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '}, @@ -267,7 +269,8 @@ exit_printhelp(struct xtables_rule_match *matches) " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain [rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" @@ -1376,7 +1379,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1388,8 +1391,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') 
@@ -1415,6 +1418,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -1953,8 +1961,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, *handle); break; + case CMD_ZERO_NUM: + ret = ip6tc_zero_counter(chain, rulenum, *handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, @@ -1965,9 +1977,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, *handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, @@ -1975,6 +1990,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, *handle); break; case CMD_NEW_CHAIN: ret = ip6tc_create_chain(chain, *handle); -- 1.5.6.5 ----- Patrick McHardy <kaber@trash.net> wrote: > Mohit Mehta wrote: > > Hopefully, this works - > > It does not. Try sending to yourself first and applying it yourself. > And I'd suggest not to use a web based client: > > X-Mailer: Zimbra 5.0.11_GA_2696.RHEL4 (ZimbraWebClient - FF3.0 > (Win)/5.0.11_GA_2696.RHEL4) [-- Attachment #2: ip6tables.c.patch --] [-- Type: application/octet-stream, Size: 4344 bytes --] 
>From 8f98a64ad2a2b312a3b9c94a0f79145bf04c6391 Mon Sep 17 00:00:00 2001 From: root <root@build-vm.(none)> Date: Tue, 7 Jul 2009 14:17:40 -0700 Subject: [PATCH] expose option to zero packet and byte counters for a specific rule using ip6tables --- ip6tables.c | 29 +++++++++++++++++++++++------ 1 files changed, 23 insertions(+), 6 deletions(-) diff --git a/ip6tables.c b/ip6tables.c index f974fb1..849e94d 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -81,9 +81,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPT_NONE 0x00000U #define OPT_NUMERIC 0x00001U @@ -172,6 +173,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '}, @@ -267,7 +269,8 @@ exit_printhelp(struct xtables_rule_match *matches) " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain [rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" 
@@ -1376,7 +1379,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1388,8 +1391,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1415,6 +1418,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -1953,8 +1961,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, *handle); break; + case CMD_ZERO_NUM: + ret = ip6tc_zero_counter(chain, rulenum, *handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, @@ -1965,9 +1977,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, *handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, 
@@ -1975,6 +1990,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = ip6tc_zero_counter(chain, rulenum, *handle); break; case CMD_NEW_CHAIN: ret = ip6tc_create_chain(chain, *handle); -- 1.5.6.5 [-- Attachment #3: iptables.c.patch --] [-- Type: application/octet-stream, Size: 4360 bytes --] >From 4dbfcfeb9fc65df7fac1f16230871c02a85b4ea1 Mon Sep 17 00:00:00 2001 From: root <root@build-vm.(none)> Date: Tue, 7 Jul 2009 14:03:50 -0700 Subject: [PATCH] expose option to zero packet and byte counters for a specific rule using iptables --- iptables.c | 29 +++++++++++++++++++++++------ 1 files changed, 23 insertions(+), 6 deletions(-) diff --git a/iptables.c b/iptables.c index a229c35..53c2d56 100644 --- a/iptables.c +++ b/iptables.c @@ -78,9 +78,10 @@ #define CMD_SET_POLICY 0x0400U #define CMD_RENAME_CHAIN 0x0800U #define CMD_LIST_RULES 0x1000U -#define NUMBER_OF_CMD 14 +#define CMD_ZERO_NUM 0x2000U +#define NUMBER_OF_CMD 15 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'E', 'S' }; + 'Z', 'N', 'X', 'P', 'E', 'S' }; #define OPT_NONE 0x00000U #define OPT_NUMERIC 0x00001U @@ -172,6 +173,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'}, /*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, +/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}, /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '}, 
@@ -280,7 +282,8 @@ exit_printhelp(struct xtables_rule_match *matches) " --list-rules -S [chain [rulenum]]\n" " Print the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" -" --zero -Z [chain] Zero counters in chain or all chains\n" +" --zero -Z [chain [rulenum]]\n" +" Zero counters in chain or all chains\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" @@ -1399,7 +1402,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'L': - add_command(&command, CMD_LIST, CMD_ZERO, + add_command(&command, CMD_LIST, CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' @@ -1411,8 +1414,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'S': - add_command(&command, CMD_LIST_RULES, CMD_ZERO, - invert); + add_command(&command, CMD_LIST_RULES, + CMD_ZERO|CMD_ZERO_NUM, invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') @@ -1438,6 +1441,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; + if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') { + rulenum = parse_rulenumber(argv[optind++]); + command = CMD_ZERO_NUM; + } break; case 'N': @@ -1994,8 +2002,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle case CMD_ZERO: ret = zero_entries(chain, options&OPT_VERBOSE, *handle); break; + case CMD_ZERO_NUM: + ret = iptc_zero_counter(chain, rulenum, *handle); + break; case CMD_LIST: case CMD_LIST|CMD_ZERO: + case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(chain, rulenum, options&OPT_VERBOSE, 
@@ -2006,9 +2018,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, *handle); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: + case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(chain, rulenum, options&OPT_VERBOSE, @@ -2016,6 +2031,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle if (ret && (command & CMD_ZERO)) ret = zero_entries(chain, options&OPT_VERBOSE, *handle); + if (ret && (command & CMD_ZERO_NUM)) + ret = iptc_zero_counter(chain, rulenum, *handle); break; case CMD_NEW_CHAIN: ret = iptc_create_chain(chain, *handle); -- 1.5.6.5 ^ permalink raw reply related [flat|nested] 12+ messages in thread
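Review bot: CMD_ZERO_NUM is given the next free bit (0x2000U, after CMD_LIST_RULES 0x1000U), but its 'Z' in cmdflags[] and its /*ZERO_NUM*/ row in commands_v_options[] are inserted directly after ZERO instead of at the end of each table. If those tables are indexed by the bit position of the command, every entry from NEW_CHAIN ('N') onward now sits one slot away from its bit, and CMD_ZERO_NUM itself maps to the last slot. Suggest appending the new flag character after 'S' and the new row after the last existing row, in both iptables.c and ip6tables.c, so table order keeps matching the CMD_* bit order.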
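Review bot: in exit_printhelp(), the synopsis changes to "-Z [chain [rulenum]]" but the description line still reads "Zero counters in chain or all chains", so the help output never says what passing rulenum does. Suggest describing all three forms, for example "Zero counters of a rule, a chain, or all chains". The same applies to the ip6tables.c copy of the help text.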
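Review bot: in the 'Z' option case of do_command() and do_command6(), "command = CMD_ZERO_NUM;" is a plain assignment, so whatever command bits an earlier option put into command are discarded at that point. The patch also adds "case CMD_LIST|CMD_ZERO_NUM:" and "case CMD_LIST_RULES|CMD_ZERO_NUM:", and those combined values can only be formed when -Z chain rulenum comes before -L or -S; with the options in the other order the list request is silently dropped. Suggest replacing only the zero bit (clear CMD_ZERO, OR in CMD_ZERO_NUM) or going through add_command() so that both orders give the same result.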
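Review bot: in the CMD_LIST and CMD_LIST_RULES branches, list_entries()/list_rules() and the new iptc_zero_counter()/ip6tc_zero_counter() calls all receive the same rulenum variable, so in a combined list-and-zero invocation the number parsed for -Z also narrows the listing to that one rule. If that is intended it should be stated in the help text and man page; if not, the zero path needs its own variable. Separately, the new calls do not take options&OPT_VERBOSE the way zero_entries() does, so -v produces no confirmation when a single rule is zeroed; a short verbose message naming the chain and rule number would keep the two zero paths consistent.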
* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
  2009-08-19 17:56 ` Mohit Mehta
@ 2009-08-19 20:41 ` Jan Engelhardt
  2009-09-10 14:26   ` Jan Engelhardt
  0 siblings, 1 reply; 12+ messages in thread
From: Jan Engelhardt @ 2009-08-19 20:41 UTC (permalink / raw)
  To: Mohit Mehta; +Cc: Patrick McHardy, netfilter-devel

On Wednesday 2009-08-19 19:56, Mohit Mehta wrote:

>I was able to cleanly apply the attached modified patches to the
> latest iptables code. Also, below is the code in text if attachment
> doesn't reach.
>
>build-vm:/# cat iptables.c.patch
>>From 4dbfcfeb9fc65df7fac1f16230871c02a85b4ea1 Mon Sep 17 00:00:00 2001
>From: root <root@build-vm.(none)>
>Date: Tue, 7 Jul 2009 14:03:50 -0700
>Subject: [PATCH] expose option to zero packet and byte counters for a specific rule using iptables

I wonder what the real-world use of this is, apart from
rule debugging (for which -j TRACE seems better anyhow).

I queued these patches (since I guess they won't apply elsewhere
again ;-) with reservation provision, fixed the trailing whitespace,
and added the missing manpage updates. Pull requests follows soon.
(It's in git://dev.medozas.de/iptables master already)

^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
  2009-08-19 20:41 ` Jan Engelhardt
@ 2009-09-10 14:26 ` Jan Engelhardt
  2009-09-10 16:24   ` Mohit Mehta
  0 siblings, 1 reply; 12+ messages in thread
From: Jan Engelhardt @ 2009-09-10 14:26 UTC (permalink / raw)
  To: Mohit Mehta; +Cc: Netfilter Developer Mailing List

Hi Mohit,

On Wednesday 2009-08-19 22:41, Jan Engelhardt wrote:
>
>>I was able to cleanly apply the attached modified patches to the
>> latest iptables code. Also, below is the code in text if attachment
>> doesn't reach.
>>
>>Subject: [PATCH] expose option to zero packet and byte counters for a specific rule using iptables
>
>
>I wonder what the real-world use of this is, apart from
>rule debugging (for which -j TRACE seems better anyhow).

That was meant to be a question. Could you please let me know why
exactly -Z # was needed? I guess there was some large value seen in it
given you were sending it from Vyatta, so I would like to know. If it
was just an experiment and TRACE and/or quota2 (Xta) was sufficient in
regards to you accomplishing whatever the intention was to, please also
let me know so that I can possibly discard the branch with your -Z#
submission.

^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iptables: expose option to zero packet and byte counters for a specific rule using iptables/ip6tables
  2009-09-10 14:26 ` Jan Engelhardt
@ 2009-09-10 16:24 ` Mohit Mehta
  0 siblings, 0 replies; 12+ messages in thread
From: Mohit Mehta @ 2009-09-10 16:24 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List

Hi Jan,

Sorry for the delay in response. I thought you were making a statement :-)
Also, thanks for cleaning up the whitespaces and man page stuff for the patch.

So, as you already mentioned in your previous post -

> wonder what the real-world use of this is, apart from
> rule debugging (for which -j TRACE seems better anyhow).

The motivation for exposing the existing library function for -Z # was to
facilitate an easy way for the users to debug a specific rule. I think this
is most useful when there's a couple hundred rules and the user wants to
quickly check if a specific rule is getting hit by looking at its counters.
Honestly, I had not looked at the TRACE target before this and that as you
point out is also useful in rule debugging. But I guess that resetting the
counters of a rule would come in handy when the user already has a target
defined for a rule and wants to quickly test if the rule is getting hit for
an expected traffic pattern as defined in the rule. Hopefully, other people
will find this useful as well.

Mohit

----- Jan Engelhardt <jengelh@medozas.de> wrote:
> Hi Mohit,
>
>
> On Wednesday 2009-08-19 22:41, Jan Engelhardt wrote:
> >
> >>I was able to cleanly apply the attached modified patches to the
> >> latest iptables code. Also, below is the code in text if attachment
> >> doesn't reach.
> >>
> >>Subject: [PATCH] expose option to zero packet and byte counters for a specific rule using iptables
> >
> >
> >I wonder what the real-world use of this is, apart from
> >rule debugging (for which -j TRACE seems better anyhow).
>
> That was meant to be a question. Could you please let me know why
> exactly -Z # was needed? I guess there was some large value seen in it
> given you were sending it from Vyatta, so I would like to know. If it
> was just an experiment and TRACE and/or quota2 (Xta) was sufficient in
> regards to you accomplishing whatever the intention was to, please also
> let me know so that I can possibly discard the branch with your -Z#
> submission.

^ permalink raw reply [flat|nested] 12+ messages in thread