ret = ip6tc_rename_chain(chain, newname, handle);
break;
case CMD_SET_POLICY:
- ret = ip6tc_set_policy(chain, policy, handle);
+ ret = ip6tc_set_policy(chain, policy, NULL, handle);
break;
default:
/* We should never reach this... */
.B iptables-restore
as input for
.B iptables-restore.
+.PP
Expect this to be fixed in the next iptables release.
+.PP
To make it work, reorder the output in a way that in every table, all
user-defined chains are created before any other chain uses this chain
as target.
+.PP
+.B iptables-restore
+does only restore the counter values of the builtin chains, and
+.B NOT
+the individual counters of each rule.
.SH AUTHOR
Harald Welte <laforge@gnumonks.org>
.SH SEE ALSO
return handle;
}
+int parse_counters(char *string, struct ipt_counters *ctr)
+{
+ return (sscanf(string, "[%llu:%llu]", &ctr->pcnt, &ctr->bcnt) == 2);
+}
int main(int argc, char *argv[])
{
/* New chain. */
char *policy, *chain;
- /* FIXME: Don't ignore counters. */
-
chain = strtok(buffer+1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) {
}
if (strcmp(policy, "-") != 0) {
+ struct ipt_counters count;
+
+ if (counters) {
+ char *ctrs;
+ ctrs = strtok(NULL, " \t\n");
+
+ parse_counters(ctrs, &count);
+
+ } else {
+ memset(&count, 0,
+ sizeof(struct ipt_counters));
+ }
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
- if (!iptc_set_policy(chain, policy, &handle))
+ if (!iptc_set_policy(chain, policy, &count,
+ &handle))
exit_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
char *newargv[1024];
int i,a;
char *ptr = buffer;
+ char *ctrs = NULL;
+ struct ipt_counters count;
- /* FIXME: Don't ignore counters. */
if (buffer[0] == '[') {
ptr = strchr(buffer, ']');
if (!ptr)
exit_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
+ ctrs = strtok(ptr, " \t\n");
+ }
+
+ if (counters && ctrs) {
+
+ parse_counters(ctrs, &count);
}
+ /* FIXME: Don't ignore counters. */
+
newargv[0] = argv[0];
newargv[1] = "-t";
newargv[2] = (char *) &curtable;
/* strtok: a function only a coder could love */
for (i = 5; i < sizeof(newargv)/sizeof(char *); i++) {
- if (!(newargv[i] = strtok(ptr, " \t\n")))
+ if (!(newargv[i] = strtok(NULL, " \t\n")))
break;
ptr = NULL;
}
/* print counters */
if (counters)
- printf("[%llu,%llu] ", e->counters.pcnt, e->counters.bcnt);
+ printf("[%llu:%llu] ", e->counters.pcnt, e->counters.bcnt);
/* Print IP part. */
print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr,
struct ipt_counters count;
printf("%s ",
iptc_get_policy(chain, &count, &h));
- printf("%llu:%llu\n", count.pcnt, count.bcnt);
+ printf("[%llu:%llu]\n", count.pcnt, count.bcnt);
} else {
- printf("- 0 0\n");
+ printf("- [0:0]\n");
}
/* Dump out rules */
ret = iptc_rename_chain(chain, newname, handle);
break;
case CMD_SET_POLICY:
- ret = iptc_set_policy(chain, policy, handle);
+ ret = iptc_set_policy(chain, policy, NULL, handle);
break;
default:
/* We should never reach this... */
projects / thirdparty / iptables.git / commitdiff
