From patchwork Tue Jun 3 07:47:32 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Giuseppe Longo X-Patchwork-Id: 355215 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id DCC9E140094 for ; Tue, 3 Jun 2014 17:45:40 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932241AbaFCHpj (ORCPT ); Tue, 3 Jun 2014 03:45:39 -0400 Received: from mail-wi0-f180.google.com ([209.85.212.180]:36736 "EHLO mail-wi0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932186AbaFCHpj (ORCPT ); Tue, 3 Jun 2014 03:45:39 -0400 Received: by mail-wi0-f180.google.com with SMTP id hi2so5990860wib.13 for ; Tue, 03 Jun 2014 00:45:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=lCUaGKrw3XwzSI5Nq/YiwtwdZaGTfxCh0k2NDTxYIrU=; b=zu+sm2bvFJkkUhRfLHct+eGPdNiwciOsZBPAbbjuFdI7nWIj8YSRqtkRGzQwArkNp8 cd/99+dX+IYcJVt+zZBNc16p3ba4LOYzmlzDJkmbwvD8oqv3izgtlN4wXu1ER+bcj08K IoP5/1gblVMI5JNXXb8yNR8d7RPLcIYsodh0GlTnZT0hwo+csA7tCPV24TVCfC5XKPC6 MNX+rApdOy5AoHVi7JK7d2NrCKL6JtREW6l/4kBTn8F7qwfn0U0cEPHjXnbS95/By2YW SlX3PltpzFUbPX7K6MQuDr6dZ4gqbHLWcFUD8hlVq0crL7QRpM1RmEcQMcbaBiua1oGP jPtg== X-Received: by 10.180.93.101 with SMTP id ct5mr30050612wib.23.1401781537947; Tue, 03 Jun 2014 00:45:37 -0700 (PDT) Received: from localhost.localdomain ([46.227.5.160]) by mx.google.com with ESMTPSA id iy13sm39274723wic.1.2014.06.03.00.45.35 for (version=TLSv1.2 cipher=AES128-GCM-SHA256 bits=128/128); Tue, 03 Jun 2014 00:45:37 -0700 (PDT) From: Giuseppe Longo To: netfilter-devel@vger.kernel.org Cc: Giuseppe Longo Subject: [iptables-compat PATCH] save: fix the printing of the counters Date: Tue, 3 Jun 2014 09:47:32 +0200 Message-Id: <1401781652-3538-1-git-send-email-giuseppelng@gmail.com> X-Mailer: git-send-email 1.8.3.2 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch prints the counters of a rule before the details, like iptables-save syntax. Signed-off-by: Giuseppe Longo --- iptables/nft-arp.c | 14 ++++++++------ iptables/nft-ipv4.c | 11 +++++++++-- iptables/nft-ipv6.c | 12 ++++++++++-- iptables/nft-shared.c | 18 ++++++++++-------- iptables/nft-shared.h | 5 +++-- iptables/nft.c | 11 +++++++---- 6 files changed, 47 insertions(+), 24 deletions(-) diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 562a1a2..dffdc94 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -599,12 +599,6 @@ static void nft_arp_save_firewall(const void *data, print_fw_details((struct arpt_entry *)fw, format); - if (!(format & FMT_NOCOUNTS)) { - printf("-c "); - xtables_print_num(fw->counters.pcnt, format); - xtables_print_num(fw->counters.bcnt, format); - } - target = get_target((struct arpt_entry *)fw, format); if (target) { @@ -680,6 +674,13 @@ static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nft_rule *r, return true; } +static void nft_arp_save_counters(const void *data, unsigned int format) +{ + const struct arpt_entry *fw = data; + + save_counters(fw->counters.pcnt, fw->counters.bcnt, format); +} + struct nft_family_ops nft_family_ops_arp = { .add = nft_arp_add, .is_same = nft_arp_is_same, @@ -689,6 +690,7 @@ struct nft_family_ops nft_family_ops_arp = { .parse_immediate = nft_arp_parse_immediate, .print_firewall = nft_arp_print_firewall, .save_firewall = nft_arp_save_firewall, + .save_counters = nft_arp_save_counters, .post_parse = NULL, .rule_find = nft_arp_rule_find, .parse_target = nft_arp_parse_target, diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index d05e80e..c59a120 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -315,8 +315,7 @@ static void nft_ipv4_save_firewall(const void *data, unsigned int format) save_firewall_details(cs, cs->fw.ip.invflags, cs->fw.ip.proto, cs->fw.ip.iniface, cs->fw.ip.iniface_mask, - cs->fw.ip.outiface, cs->fw.ip.outiface_mask, - format); + cs->fw.ip.outiface, cs->fw.ip.outiface_mask); if (cs->fw.ip.flags & IPT_F_FRAG) { if (cs->fw.ip.invflags & IPT_INV_FRAG) @@ -409,6 +408,13 @@ static bool nft_ipv4_rule_find(struct nft_family_ops *ops, return nft_ipv46_rule_find(ops, r, cs); } +static void nft_ipv4_save_counters(const void *data, unsigned int format) +{ + const struct iptables_command_state *cs = data; + + save_counters(cs->counters.pcnt, cs->counters.bcnt, format); +} + struct nft_family_ops nft_family_ops_ipv4 = { .add = nft_ipv4_add, .is_same = nft_ipv4_is_same, @@ -417,6 +423,7 @@ struct nft_family_ops nft_family_ops_ipv4 = { .parse_immediate = nft_ipv4_parse_immediate, .print_firewall = nft_ipv4_print_firewall, .save_firewall = nft_ipv4_save_firewall, + .save_counters = nft_ipv4_save_counters, .proto_parse = nft_ipv4_proto_parse, .post_parse = nft_ipv4_post_parse, .parse_target = nft_ipv4_parse_target, diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index f08598a..e00c1aa 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -222,8 +222,8 @@ static void nft_ipv6_save_firewall(const void *data, unsigned int format) save_firewall_details(cs, cs->fw6.ipv6.invflags, cs->fw6.ipv6.proto, cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask, - cs->fw6.ipv6.outiface, cs->fw6.ipv6.outiface_mask, - format); + cs->fw6.ipv6.outiface, + cs->fw6.ipv6.outiface_mask); save_ipv6_addr('s', &cs->fw6.ipv6.src, cs->fw6.ipv6.invflags & IPT_INV_SRCIP); @@ -330,6 +330,13 @@ static bool nft_ipv6_rule_find(struct nft_family_ops *ops, return nft_ipv46_rule_find(ops, r, cs); } +static void nft_ipv6_save_counters(const void *data, unsigned int format) +{ + const struct iptables_command_state *cs = data; + + save_counters(cs->counters.pcnt, cs->counters.bcnt, format); +} + struct nft_family_ops nft_family_ops_ipv6 = { .add = nft_ipv6_add, .is_same = nft_ipv6_is_same, @@ -338,6 +345,7 @@ struct nft_family_ops nft_family_ops_ipv6 = { .parse_immediate = nft_ipv6_parse_immediate, .print_firewall = nft_ipv6_print_firewall, .save_firewall = nft_ipv6_save_firewall, + .save_counters = nft_ipv6_save_counters, .proto_parse = nft_ipv6_proto_parse, .post_parse = nft_ipv6_post_parse, .parse_target = nft_ipv6_parse_target, diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 09dd4f4..be6f276 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -601,15 +601,8 @@ void save_firewall_details(const struct iptables_command_state *cs, const char *iniface, unsigned const char *iniface_mask, const char *outiface, - unsigned const char *outiface_mask, - unsigned int format) + unsigned const char *outiface_mask) { - if (!(format & FMT_NOCOUNTS)) { - printf("-c "); - xtables_print_num(cs->counters.pcnt, format); - xtables_print_num(cs->counters.bcnt, format); - } - if (iniface != NULL) { print_iface('i', iniface, iniface_mask, invflags & IPT_INV_VIA_IN); @@ -632,6 +625,15 @@ void save_firewall_details(const struct iptables_command_state *cs, } } +void save_counters(uint64_t pcnt, uint64_t bcnt, unsigned int format) +{ + printf("["); + xtables_print_num(pcnt, format); + printf(":"); + xtables_print_num(bcnt, format); + printf("] "); +} + void save_matches_and_target(struct xtables_rule_match *m, struct xtables_target *target, const char *jumpto, uint8_t flags, const void *fw) diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index ea11745..71fc8ae 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -50,6 +50,7 @@ struct nft_family_ops { void (*print_firewall)(struct nft_rule *r, unsigned int num, unsigned int format); void (*save_firewall)(const void *data, unsigned int format); + void (*save_counters)(const void *data, unsigned int format); void (*proto_parse)(struct iptables_command_state *cs, struct xtables_args *args); void (*post_parse)(int command, struct iptables_command_state *cs, @@ -117,8 +118,8 @@ void save_firewall_details(const struct iptables_command_state *cs, const char *iniface, unsigned const char *iniface_mask, const char *outiface, - unsigned const char *outiface_mask, - unsigned int format); + unsigned const char *outiface_mask); +void save_counters(uint64_t pcnt, uint64_t bcnt, unsigned int format); void save_matches_and_target(struct xtables_rule_match *m, struct xtables_target *target, const char *jumpto, diff --git a/iptables/nft.c b/iptables/nft.c index 26942d8..1157646 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -939,8 +939,8 @@ int add_counters(struct nft_rule *r, uint64_t packets, uint64_t bytes) if (expr == NULL) return -ENOMEM; - nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_BYTES, packets); - nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_PACKETS, bytes); + nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_PACKETS, packets); + nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_BYTES, bytes); nft_rule_add_expr(r, expr); @@ -1048,6 +1048,11 @@ nft_rule_print_save(const void *data, int family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY); struct nft_family_ops *ops; + ops = nft_family_ops_lookup(family); + + if (!(format & FMT_NOCOUNTS) && ops->save_counters) + ops->save_counters(data, format); + /* print chain name */ switch(type) { case NFT_RULE_APPEND: @@ -1058,8 +1063,6 @@ nft_rule_print_save(const void *data, break; } - ops = nft_family_ops_lookup(family); - if (ops->save_firewall) ops->save_firewall(data, format);