From 43c45a064cb65ed705d9af3317830c35c7174284 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 12 Dec 2009 09:10:24 -0800 Subject: [PATCH] Add current and limit to conntrack table display --- Shorewall/changelog.txt | 2 ++ Shorewall/lib.cli | 9 +++++++-- Shorewall/releasenotes.txt | 12 ++++++++++++ Shorewall6/lib.cli | 9 +++++++-- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index c1ec7f123..9d070a882 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -28,6 +28,8 @@ Changes in Shorewall 4.4.5 14) Remove silly logic in expand_rule(). +15) Add current and limit to Conntrack Table Heading. + Changes in Shorewall 4.4.4 1) Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf. diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli index 03272a818..0edb77ddb 100644 --- a/Shorewall/lib.cli +++ b/Shorewall/lib.cli @@ -453,7 +453,9 @@ show_command() { case "$1" in connections) [ $# -gt 1 ] && usage 1 - echo "$PRODUCT $version Connections at $HOSTNAME - $(date)" + local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count) + local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max) + echo "$PRODUCT $version Connections ($count out of $max) at $HOSTNAME - $(date)" echo [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack ;; @@ -728,7 +730,10 @@ dump_command() { heading "Raw Table" $IPTABLES -t raw -L $IPT_OPTIONS - heading "Conntrack Table" + local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count) + local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max) + + heading "Conntrack Table ($count out of $max)" [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack heading "IP Configuration" diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 373fd5dc9..438ee42d6 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -249,6 +249,18 @@ None. 3) Systems that do not log Netfilter messages locally can now set LOGFILE=/dev/null in shorewall.conf. +4) The 'shorewall show connections' and 'shorewall dump' commands now + display the current number of connections and the max supported + connections. + + Example: + + shorewall show connections + Shorewall 4.5.0 Connections (62 out of 65536) at gateway - Sat ... + + In that case, there were 62 current connections out of a maximum + number supported of 65536. + ---------------------------------------------------------------------------- N E W F E A T U R E S I N 4 . 4 . 0 ---------------------------------------------------------------------------- diff --git a/Shorewall6/lib.cli b/Shorewall6/lib.cli index 4fc68f572..acd1bdc04 100644 --- a/Shorewall6/lib.cli +++ b/Shorewall6/lib.cli @@ -406,7 +406,9 @@ show_command() { case "$1" in connections) [ $# -gt 1 ] && usage 1 - echo "$PRODUCT $version Connections at $HOSTNAME - $(date)" + local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count) + local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max) + echo "$PRODUCT $version Connections ($count of $max) at $HOSTNAME - $(date)" echo grep '^ipv6' /proc/net/nf_conntrack ;; @@ -659,7 +661,10 @@ dump_command() { heading "Raw Table" $IP6TABLES -t raw -L $IPT_OPTIONS - heading "Conntrack Table" + local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count) + local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max) + + heading "Conntrack Table ($count out of $max)" grep '^ipv6' /proc/net/nf_conntrack heading "IP Configuration"