Add current and limit to conntrack table display

2024-12-22 06:10:42 +01:00 · 2009-12-12 09:10:24 -08:00 · 2009-12-12 09:10:24 -08:00 · 43c45a064c
commit 43c45a064c
parent c56ff69c8f
4 changed files with 28 additions and 4 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -28,6 +28,8 @@ Changes in Shorewall 4.4.5

 14) Remove silly logic in expand_rule().

+15) Add current and limit to Conntrack Table Heading.
+
 Changes in Shorewall 4.4.4

 1)  Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf.
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@ -453,7 +453,9 @@ show_command() {
    case "$1" in
 	connections)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$PRODUCT $version Connections at $HOSTNAME - $(date)"
+	    local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+	    local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+	    echo "$PRODUCT $version Connections ($count out of $max) at $HOSTNAME - $(date)"
 	    echo
 	    [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
 	    ;;
@ -728,7 +730,10 @@ dump_command() {
    heading "Raw Table"
    $IPTABLES -t raw -L $IPT_OPTIONS

-    heading "Conntrack Table"
+    local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+    local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+
+    heading "Conntrack Table ($count out of $max)"
    [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack

    heading "IP Configuration"
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -249,6 +249,18 @@ None.
 3)  Systems that do not log Netfilter messages locally can now set
    LOGFILE=/dev/null in shorewall.conf.

+4)  The 'shorewall show connections' and 'shorewall dump' commands now
+    display the current number of connections and the max supported
+    connections.
+
+    Example:
+
+	shorewall show connections
+    	Shorewall 4.5.0 Connections (62 out of 65536) at gateway - Sat ...
+
+    In that case, there were 62 current connections out of a maximum
+    number supported of 65536.
+
 ----------------------------------------------------------------------------
                N E W   F E A T U R E S   I N   4 . 4 . 0
 ----------------------------------------------------------------------------
--- a/Shorewall6/lib.cli
+++ b/Shorewall6/lib.cli
@ -406,7 +406,9 @@ show_command() {
    case "$1" in
 	connections)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$PRODUCT $version Connections at $HOSTNAME - $(date)"
+	    local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+	    local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+	    echo "$PRODUCT $version Connections ($count of $max) at $HOSTNAME - $(date)"
 	    echo
 	    grep '^ipv6' /proc/net/nf_conntrack
 	    ;;
@ -659,7 +661,10 @@ dump_command() {
    heading "Raw Table"
    $IP6TABLES -t raw -L $IPT_OPTIONS

-    heading "Conntrack Table"
+    local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+    local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+
+    heading "Conntrack Table ($count out of $max)"
    grep '^ipv6' /proc/net/nf_conntrack

    heading "IP Configuration"