@@ -50,13 +50,12 @@ DUMP='*filter
-A foo -j MARK --set-mark 12345
-A foo -j ACCEPT --opcode 1
-A foo -j ACCEPT --proto-type 0x800
--A foo -j ACCEPT -i lo --opcode 1 --proto-type 0x800
-'
+-A foo -j ACCEPT -i lo --opcode 1 --proto-type 0x800'
-diff -u <(echo -e "$DUMP") <($XT_MULTI arptables-save)
+diff -u <(echo -e "$DUMP") <($XT_MULTI arptables-save | grep -v "^#")
# make sure dump can be restored and check it didn't change
$XT_MULTI arptables -F
$XT_MULTI arptables-restore <<<$DUMP
-diff -u <(echo -e "$DUMP") <($XT_MULTI arptables-save)
+diff -u <(echo -e "$DUMP") <($XT_MULTI arptables-save | grep -v "^#")
@@ -11,8 +11,7 @@ set -e
DUMP='*filter
:OUTPUT ACCEPT
-A OUTPUT -j mangle --mangle-ip-s 10.0.0.1
--A OUTPUT -j mangle --mangle-ip-d 10.0.0.2
-'
+-A OUTPUT -j mangle --mangle-ip-d 10.0.0.2'
# note how mangle-ip-s is unset in second rule
@@ -20,8 +19,7 @@ EXPECT='*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
-A OUTPUT -j mangle --mangle-ip-s 10.0.0.1
--A OUTPUT -j mangle --mangle-ip-d 10.0.0.2
-'
+-A OUTPUT -j mangle --mangle-ip-d 10.0.0.2'
$XT_MULTI arptables -F
$XT_MULTI arptables-restore <<<$DUMP
@@ -58,7 +58,6 @@ EXPECT='*filter
-A INPUT -j MARK -i eth23 --set-mark 42
-A OUTPUT -j CLASSIFY -o eth23 --set-class 23:42
-A OUTPUT -j foo -o eth23
--A foo -j mangle -o eth23 --mangle-ip-s 10.0.0.1
-'
+-A foo -j mangle -o eth23 --mangle-ip-s 10.0.0.1'
-diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI arptables-save)
+diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI arptables-save | grep -v '^#')
@@ -99,7 +99,6 @@ DUMP='*filter
-A foo --802_3-sap 0x23 --limit 100/sec --limit-burst 5 -j ACCEPT
-A foo --pkttype-type multicast --log-level notice --log-prefix "" -j CONTINUE
-A foo --pkttype-type multicast --limit 100/sec --limit-burst 5 -j ACCEPT
-
*nat
:PREROUTING ACCEPT
:OUTPUT DROP
@@ -107,8 +106,7 @@ DUMP='*filter
:nat_foo DROP
-A PREROUTING -j redirect
-A OUTPUT -j ACCEPT
--A POSTROUTING -j ACCEPT
-'
+-A POSTROUTING -j ACCEPT'
diff -u <(echo -e "$DUMP") <($XT_MULTI ebtables-save | grep -v '^#')
@@ -13,8 +13,7 @@ DUMP='*filter
-A FORWARD --limit 100 --limit-burst 42 -j ACCEPT
-A FORWARD --limit 1000 -j ACCEPT
-A FORWARD --log --log-prefix "foobar"
--A FORWARD --log
-'
+-A FORWARD --log'
# note how limit-burst is 5 in second rule and log-prefix empty in fourth one
@@ -25,8 +24,7 @@ EXPECT='*filter
-A FORWARD --limit 100/sec --limit-burst 42 -j ACCEPT
-A FORWARD --limit 1000/sec --limit-burst 5 -j ACCEPT
-A FORWARD --log-level notice --log-prefix "foobar" -j CONTINUE
--A FORWARD --log-level notice --log-prefix "" -j CONTINUE
-'
+-A FORWARD --log-level notice --log-prefix "" -j CONTINUE'
$XT_MULTI ebtables --init-table
$XT_MULTI ebtables-restore <<<$DUMP
@@ -32,8 +32,7 @@ EXPECT='*filter
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A FORWARD -i nodev123 -o nodev432 -j ACCEPT
--A FORWARD -i nodev432 -o nodev123 -j ACCEPT
-'
+-A FORWARD -i nodev432 -o nodev123 -j ACCEPT'
echo "ebtables-save"
diff -u <(echo -e "$EXPECT") <($XT_MULTI ebtables-save | grep -v '^#')
@@ -43,8 +42,7 @@ EXPECT='*filter
:FORWARD ACCEPT
:OUTPUT ACCEPT
[0:0] -A FORWARD -i nodev123 -o nodev432 -j ACCEPT
-[0:0] -A FORWARD -i nodev432 -o nodev123 -j ACCEPT
-'
+[0:0] -A FORWARD -i nodev432 -o nodev123 -j ACCEPT'
echo "ebtables-save -c"
diff -u <(echo -e "$EXPECT") <($XT_MULTI ebtables-save -c | grep -v '^#')
@@ -60,8 +58,7 @@ EXPECT='*filter
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A FORWARD -i nodev123 -o nodev432 -j ACCEPT -c 0 0
--A FORWARD -i nodev432 -o nodev123 -j ACCEPT -c 0 0
-'
+-A FORWARD -i nodev432 -o nodev123 -j ACCEPT -c 0 0'
echo "EBTABLES_SAVE_COUNTER=yes ebtables-save"
diff -u <(echo -e "$EXPECT") <($XT_MULTI ebtables-save | grep -v '^#')
@@ -250,7 +250,6 @@ static int __ebt_save(struct nft_handle *h, const char *tablename, bool counters
{
struct nftnl_chain_list *chain_list;
unsigned int format = FMT_NOCOUNTS;
- static bool first = true;
time_t now;
if (!nft_table_find(h, tablename)) {
@@ -265,12 +264,9 @@ static int __ebt_save(struct nft_handle *h, const char *tablename, bool counters
chain_list = nft_chain_list_get(h, tablename);
- if (first) {
- now = time(NULL);
- printf("# Generated by %s v%s on %s", prog_name,
- prog_vers, ctime(&now));
- first = false;
- }
+ now = time(NULL);
+ printf("# Generated by %s v%s on %s", prog_name,
+ prog_vers, ctime(&now));
printf("*%s\n", tablename);
if (counters)
@@ -281,7 +277,8 @@ static int __ebt_save(struct nft_handle *h, const char *tablename, bool counters
* thereby preventing dependency conflicts */
nft_chain_save(h, chain_list);
nft_rule_save(h, tablename, format);
- printf("\n");
+ now = time(NULL);
+ printf("# Completed on %s", ctime(&now));
return 0;
}
@@ -361,6 +358,7 @@ int xtables_arp_save_main(int argc, char **argv)
struct nft_handle h = {
.family = NFPROTO_ARP,
};
+ time_t now;
int c;
xtables_globals.program_name = basename(*argv);;
@@ -407,10 +405,13 @@ int xtables_arp_save_main(int argc, char **argv)
return 0;
}
+ printf("# Generated by %s v%s on %s", prog_name,
+ prog_vers, ctime(&now));
printf("*filter\n");
nft_chain_save(&h, nft_chain_list_get(&h, "filter"));
nft_rule_save(&h, "filter", show_counters ? 0 : FMT_NOCOUNTS);
- printf("\n");
+ now = time(NULL);
+ printf("# Completed on %s", ctime(&now));
nft_fini(&h);
return 0;
}
Make eb- and arptables-save print both header and footer comments, too. Also print them for each table separately - the timing information is worth the extra lines in output. Signed-off-by: Phil Sutter <phil@nwl.cc> --- .../arptables/0001-arptables-save-restore_0 | 7 +++---- .../0002-arptables-restore-defaults_0 | 6 ++---- .../arptables/0003-arptables-verbose-output_0 | 5 ++--- .../ebtables/0002-ebtables-save-restore_0 | 4 +--- .../ebtables/0003-ebtables-restore-defaults_0 | 6 ++---- .../testcases/ebtables/0004-save-counters_0 | 9 +++------ iptables/xtables-save.c | 19 ++++++++++--------- 7 files changed, 23 insertions(+), 33 deletions(-)