
List:       ipfilter
Subject:    accounting patch for ip_fil.3.2.3
From:       "Yaroslav Terletsky" <ts () polynet ! lviv ! ua>
Date:       1998-01-22 10:15:21

Hi
I think people who use ipf as an accounting tool would find the feature
this patch provides useful. When zeroing counters with the -z option, it
prints the rule number (@n) if the -N option is also specified.
With careful use, it can speed up the search for rules by an
accounting script.

Patch makes minimum changes, but creates new element of frentry structure
(fr_num) which is used only for passing this number while ioctl(SIOCZRLST). If
someone has a better idea how to do that please let me know. Patch passed the
test on FreeBSD-2.2.2 and everything seems work fine.

And one thing else, Darren, there is a lack of options in SYNOPSIS of 
ipfstat(8).
Bye.

# Yaroslav Terletsky #  State University "Lvivska Poytechnika"  #
# ts@polynet.lviv.ua #   UNIX System and Network Administrator  #
# Freedom is the possibility to say that two by two equals four #




*** ip_fil.c.orig	Wed Jan 21 10:21:33 1998
--- ip_fil.c	Wed Jan 21 10:09:30 1998
***************
*** 554,560 ****
  	frentry_t frd;
  	frdest_t *fdp;
  	frgroup_t *fg = NULL;
! 	int error = 0, in, group;
  
  	fp = &frd;
  	IRCOPY(data, (caddr_t)fp, sizeof(*fp));
--- 554,560 ----
  	frentry_t frd;
  	frdest_t *fdp;
  	frgroup_t *fg = NULL;
! 	int error = 0, in, group, n;
  
  	fp = &frd;
  	IRCOPY(data, (caddr_t)fp, sizeof(*fp));
***************
*** 616,622 ****
  	 * Look for a matching filter rule, but don't include the next or
  	 * interface pointer in the comparison (fr_next, fr_ifa).
  	 */
! 	for (; (f = *ftail); ftail = &f->fr_next)
  		if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip,
  			 FR_CMPSIZ) == 0)
  			break;
--- 616,622 ----
  	 * Look for a matching filter rule, but don't include the next or
  	 * interface pointer in the comparison (fr_next, fr_ifa).
  	 */
! 	for (n = 1; (f = *ftail); ftail = &f->fr_next, n++)
  		if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip,
  			 FR_CMPSIZ) == 0)
  			break;
***************
*** 627,632 ****
--- 627,633 ----
  	if (req == SIOCZRLST) {
  		if (!f)
  			return ESRCH;
+ 		f->fr_num = n;
  		IWCOPY((caddr_t)f, data, sizeof(*f));
  		f->fr_hits = 0;
  		f->fr_bytes = 0;
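Review bot: `f->fr_num = n;` writes the position into the live kernel rule rather than into the reply only, so the stored value goes stale as soon as a rule is inserted or removed ahead of it, and `n` counts from wherever `ftail` started, which may be a group's list rather than the whole rule set (the start of the walk is outside this hunk). Filling a local copy and copying that out would keep the number out of kernel state, e.g. `frd = *f; frd.fr_num = n;` followed by `IWCOPY((caddr_t)&frd, data, sizeof(frd));`, assuming `frd` is not needed after the lookup. A local copy would also let the handler clear `fr_next`, `fr_grp` and `fr_ifa` before the copy-out, which as written appears to hand kernel addresses to the caller. The same applies to the identical SIOCZRLST hunk in ip_sfil.c, where the local is named `fr`.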
*** ip_fil.h.orig	Wed Jan 21 10:16:30 1998
--- ip_fil.h	Wed Jan 21 10:09:30 1998
***************
*** 139,144 ****
--- 139,145 ----
  	struct	frentry	*fr_grp;
  	int	fr_ref;		/* reference count - for grouping */
  	void	*fr_ifa;
+ 	int	fr_num;		/* serial rule number */
  	/*
  	 * These are only incremented when a packet  matches this rule and
  	 * it is the last match
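Review bot: Adding `fr_num` in the middle of `struct frentry` changes the size and field offsets of a structure that is copied whole across the ioctl boundary (`IRCOPY(data, (caddr_t)fp, sizeof(*fp))` in ip_fil.c), so the kernel and the userland tools must be rebuilt together and a mismatched pair should be rejected rather than mis-parsed. The definition of `FR_CMPSIZ` is not visible here; if it is computed from `sizeof(struct frentry)` minus the leading fields rather than from the offset of `fr_ip`, the new `int` has to be accounted for or the rule comparison window will shift. A comment such as `/* serial rule number; filled in only for the SIOCZRLST reply, not kept current */` would describe the field more accurately. The struct begins and ends outside this hunk.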
*** ip_lfil.c.orig	Wed Jan 21 10:21:33 1998
--- ip_lfil.c	Wed Jan 21 10:09:30 1998
***************
*** 393,399 ****
  	frentry_t frd;
  	frdest_t *fdp;
  	frgroup_t *fg = NULL;
! 	int error = 0, in, group;
  
  	fp = &frd;
  	IRCOPY(data, (caddr_t)fp, sizeof(*fp));
--- 393,399 ----
  	frentry_t frd;
  	frdest_t *fdp;
  	frgroup_t *fg = NULL;
! 	int error = 0, in, group, n;
  
  	fp = &frd;
  	IRCOPY(data, (caddr_t)fp, sizeof(*fp));
***************
*** 457,463 ****
  	 * Look for a matching filter rule, but don't include the next or
  	 * interface pointer in the comparison (fr_next, fr_ifa).
  	 */
! 	for (; (f = *ftail); ftail = &f->fr_next)
  		if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip,
  			 FR_CMPSIZ) == 0)
  			break;
--- 457,463 ----
  	 * Look for a matching filter rule, but don't include the next or
  	 * interface pointer in the comparison (fr_next, fr_ifa).
  	 */
! 	for (n = 1; (f = *ftail); ftail = &f->fr_next, n++)
  		if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip,
  			 FR_CMPSIZ) == 0)
  			break;
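Review bot: `n` is declared and incremented in this file but never read: unlike ip_fil.c and ip_sfil.c, the patch carries no `f->fr_num = n;` hunk for ip_lfil.c, so on this platform `-N` would print whatever `fr_num` the rule already held. If this file has a SIOCZRLST branch like the other two (not visible in these hunks), it needs the same assignment before the copy-out; otherwise the counter should be dropped here to avoid a set-but-unused variable.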
*** ip_sfil.c.orig	Wed Jan 21 10:21:33 1998
--- ip_sfil.c	Wed Jan 21 10:09:30 1998
***************
*** 337,343 ****
  	frentry_t fr;
  	frdest_t *fdp;
  	frgroup_t *fg = NULL;
! 	int error = 0, in, group;
  	ill_t *ill;
  	ipif_t *ipif;
  	ire_t *ire;
--- 337,343 ----
  	frentry_t fr;
  	frdest_t *fdp;
  	frgroup_t *fg = NULL;
! 	int error = 0, in, group, n;
  	ill_t *ill;
  	ipif_t *ipif;
  	ire_t *ire;
***************
*** 426,432 ****
  	 * Look for a matching filter rule, but don't include the next or
  	 * interface pointer in the comparison (fr_next, fr_ifa).
  	 */
! 	for (; (f = *ftail); ftail = &f->fr_next)
  		if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip,
  			 FR_CMPSIZ) == 0)
  			break;
--- 426,432 ----
  	 * Look for a matching filter rule, but don't include the next or
  	 * interface pointer in the comparison (fr_next, fr_ifa).
  	 */
! 	for (n = 1; (f = *ftail); ftail = &f->fr_next, n++)
  		if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip,
  			 FR_CMPSIZ) == 0)
  			break;
***************
*** 437,442 ****
--- 437,443 ----
  	if (req == SIOCZRLST) {
  		if (!f)
  			return ESRCH;
+ 		f->fr_num = n;
  		IWCOPY((caddr_t)f, data, sizeof(*f));
  		f->fr_hits = 0;
  		f->fr_bytes = 0;
*** ipf.c.orig	Wed Jan 21 10:21:32 1998
--- ipf.c	Wed Jan 21 10:09:30 1998
***************
*** 74,80 ****
  {
  	int c;
  
! 	while ((c = getopt(argc, argv, "AdDEf:F:Il:noPrsUvyzZ")) != -1) {
  		switch (c)
  		{
  		case 'A' :
--- 74,80 ----
  {
  	int c;
  
! 	while ((c = getopt(argc, argv, "AdDEf:F:Il:nNoPrsUvyzZ")) != -1) {
  		switch (c)
  		{
  		case 'A' :
***************
*** 104,109 ****
--- 104,112 ----
  		case 'n' :
  			opts |= OPT_DONOTHING;
  			break;
+ 		case 'N' :
+ 			opts |= OPT_SHOWLINENO;
+ 			break;
  		case 'o' :
  			opts |= OPT_OUTQUE;
  			break;
***************
*** 257,262 ****
--- 260,267 ----
  					printf("hits %ld bytes %ld ",
  #endif
  						fr->fr_hits, fr->fr_bytes);
+ 					if(opts & OPT_SHOWLINENO)
+ 						printf("@%d ",fr->fr_num);
  					printfr(fr);
  				}
  			} else if ((opts & OPT_REMOVE) &&
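Review bot: The two added lines do not follow the spacing used around them; `if (opts & OPT_SHOWLINENO)` and `printf("@%d ", fr->fr_num);` would match the neighbouring `} else if ((opts & OPT_REMOVE) &&`. `-N` only has an effect on this `-z` output path, so combining it with any other mode is silently ignored, and the number shown is only meaningful when the running kernel carries the matching `fr_num` change. The enclosing block starts and ends outside this hunk.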
*** man/ipf.4.orig	Wed Jan 21 11:55:06 1998
--- man/ipf.4	Wed Jan 21 11:54:08 1998
***************
*** 47,52 ****
--- 47,53 ----
          struct  frentry *fr_grp;
          int     fr_ref;         /* reference count - for grouping */
          struct  ifnet   *fr_ifa;
+         int     fr_num;         /* rule number */
          /*
           * These are only incremented when a packet  matches this rule and
           * it is the last match
*** man/ipf.8.orig	Wed Jan 21 11:55:09 1998
--- man/ipf.8	Wed Jan 21 11:54:08 1998
***************
*** 4,10 ****
  .SH SYNOPSIS
  .B ipf
  [
! .B \-AdDEInorsUvyzZ
  ] [
  .B \-l
  <block|pass|nomatch>
--- 4,10 ----
  .SH SYNOPSIS
  .B ipf
  [
! .B \-AdDEInNorsUvyzZ
  ] [
  .B \-l
  <block|pass|nomatch>
***************
*** 76,81 ****
--- 76,85 ----
  .B \-n
  This flag (no-change) prevents \fBipf\fP from actually making any ioctl
  calls or doing anything which would alter the currently running kernel.
+ .TP
+ .B \-N
+ While zeroing rule statistics ('-z' option) show rule number prepended
+ by @ character.
  .TP
  .B \-o
  Force rules by default to be added/deleted to/from the output list, rather

