Wrapper script for ipset listing

Wrapper script for ipset listing

[Born Without]

[-- Attachment #1: Type: text/plain, Size: 358 bytes --]

Hello list!

As I was missing those features in the ipset set listing capabilities:

- show sum of set members
- suppress listing of headers
- choose a delimiter character for separating member entries

I wrote a little wrapper script (for the bash shell) to support them.
For those who like, you'll find it attached.

Comments etc. welcome...

Best regards

[-- Attachment #2: ipset_list.bash --]
[-- Type: text/plain, Size: 2089 bytes --]

#!/bin/bash

# -----------------------------------------------------------------
ipset="/sbin/ipset"
delim=" "
TMOUT=30
# -----------------------------------------------------------------

set -f
shopt -s extglob

show_count=0 show_members=0 headers_only=0 names_only=0 i=0

[[ -x $ipset ]] || {
	printf "ipset binary \`%s' does not exist, or is not executable" "$ipset"
	exit 1
}
while (($#)); do
	case "$1" in
		-h) printf "%s [-{c|h|m|n|r|s|t}] [...] [-d char] [set-name] [...]\n" "${0//*\//}"
			exit 0
		;;
		-c) show_count=1
			shift
		;;
		-m) show_members=1
			shift
		;;
		-n) names_only=1
			shift
		;;
		-t) headers_only=1
			shift
		;;
		-d) if [[ -z $2 ]]; then
				printf "delim character is missing\n" >&2
				exit 2
			else
				if ((${#2} > 1)); then
					printf "only one character is allowed as delim\n" >&2
					exit 2
				fi
				delim="$2"
				shift 2
			fi
		;;
		-s|-r) arr_par[i++]="$1"
			shift
		;;
		-o) if [[ $2 != plain ]]; then
				printf "only plain output is supported\n" >&2
				exit 2
			else
				shift 2
			fi
		;;
		-\!|-f) shift
		;;
		*) break
	esac
done
if ((names_only)); then
	if ((show_count || show_members)); then
		printf "options -n and -c|-m are mutually exclusive\n" >&2
		exit 2
	fi
	"$ipset" l -n
	exit $?
fi
if ((headers_only)); then
	if ((show_count || show_members)); then
		printf "options -t and -c|-m are mutually exclusive\n" >&2
		exit 2
	fi
	"$ipset" l -t
	exit $?
fi

i=0
if [[ $1 ]]; then
	arr_opts=("$@")
else
	while IFS=$'\n' read -r; do
		arr_opts[i++]="$REPLY"
	done < <("$ipset" l -n)
	i=0
fi

for x in "${!arr_opts[@]}"; do
	while read -r; do
		if [[ $REPLY = Name:* ]]; then i=0
			printf "\n%s\n" "$REPLY"
			continue
		elif [[ $REPLY = @(Type|Revision|Header|Size in memory|References|Members):* ]]; then
			continue
		elif [[ -z $REPLY ]]; then
			continue
		else
			if ((show_members)); then
				printf "%s$delim" "$REPLY"
			fi
			let i+=1
		fi
	done < <("$ipset" l "${arr_opts[x]}" "${arr_par[@]}")
	if ((show_members)); then
		printf "\n"
	fi
	if ((show_count && i)); then
		printf "Member count: %d\n" $i
	fi
done

Re: Wrapper script for ipset listing

[Born Without]

[-- Attachment #1: Type: text/plain, Size: 554 bytes --]

On 05.01.2013 17:05, Born Without wrote:
> Hello list!
>
> As I was missing those features in the ipset set listing capabilities:
>
> - show sum of set members
> - suppress listing of headers
> - choose a delimiter character for separating member entries
>
> I wrote a little wrapper script (for the bash shell) to support them.
> For those who like, you'll find it attached.
>
> Comments etc. welcome...
>
> Best regards

Just noticed, that for sets with 0 members the sum is not shown.
Attached version changes that.
Sorry for the noise.

Best regards

[-- Attachment #2: ipset_list.bash --]
[-- Type: text/plain, Size: 2084 bytes --]

#!/bin/bash

# -----------------------------------------------------------------
ipset="/sbin/ipset"
delim=" "
TMOUT=30
# -----------------------------------------------------------------

set -f
shopt -s extglob

show_count=0 show_members=0 headers_only=0 names_only=0 i=0

[[ -x $ipset ]] || {
	printf "ipset binary \`%s' does not exist, or is not executable" "$ipset"
	exit 1
}
while (($#)); do
	case "$1" in
		-h) printf "%s [-{c|h|m|n|r|s|t}] [...] [-d char] [set-name] [...]\n" "${0//*\//}"
			exit 0
		;;
		-c) show_count=1
			shift
		;;
		-m) show_members=1
			shift
		;;
		-n) names_only=1
			shift
		;;
		-t) headers_only=1
			shift
		;;
		-d) if [[ -z $2 ]]; then
				printf "delim character is missing\n" >&2
				exit 2
			else
				if ((${#2} > 1)); then
					printf "only one character is allowed as delim\n" >&2
					exit 2
				fi
				delim="$2"
				shift 2
			fi
		;;
		-s|-r) arr_par[i++]="$1"
			shift
		;;
		-o) if [[ $2 != plain ]]; then
				printf "only plain output is supported\n" >&2
				exit 2
			else
				shift 2
			fi
		;;
		-\!|-f) shift
		;;
		*) break
	esac
done
if ((names_only)); then
	if ((show_count || show_members)); then
		printf "options -n and -c|-m are mutually exclusive\n" >&2
		exit 2
	fi
	"$ipset" l -n
	exit $?
fi
if ((headers_only)); then
	if ((show_count || show_members)); then
		printf "options -t and -c|-m are mutually exclusive\n" >&2
		exit 2
	fi
	"$ipset" l -t
	exit $?
fi

i=0
if [[ $1 ]]; then
	arr_opts=("$@")
else
	while IFS=$'\n' read -r; do
		arr_opts[i++]="$REPLY"
	done < <("$ipset" l -n)
	i=0
fi

for x in "${!arr_opts[@]}"; do
	while read -r; do
		if [[ $REPLY = Name:* ]]; then i=0
			printf "\n%s\n" "$REPLY"
			continue
		elif [[ $REPLY = @(Type|Revision|Header|Size in memory|References|Members):* ]]; then
			continue
		elif [[ -z $REPLY ]]; then
			continue
		else
			if ((show_members)); then
				printf "%s$delim" "$REPLY"
			fi
			let i+=1
		fi
	done < <("$ipset" l "${arr_opts[x]}" "${arr_par[@]}")
	if ((show_members)); then
		printf "\n"
	fi
	if ((show_count)); then
		printf "Member count: %d\n" $i
	fi
done

Re: Wrapper script for ipset listing

[Jan Engelhardt]

On Saturday 2013-01-05 17:05, Born Without wrote:

> Hello list!
>
> As I was missing those features in the ipset set listing capabilities:
>
> - show sum of set members
> - suppress listing of headers
> - choose a delimiter character for separating member entries
>
> I wrote a little wrapper script (for the bash shell) to support them.
> For those who like, you'll find it attached.

There's libipset, with which this task should be achievable to the 
maximum customizable degree without involving ugly text parsing with sh.

Re: Wrapper script for ipset listing

[Born Without]

On 05.01.2013 18:10, netfilter-owner@vger.kernel.org wrote:
> On Saturday 2013-01-05 17:05, Born Without wrote:


>> As I was missing those features in the ipset set listing capabilities:
>>
>> - show sum of set members
>> - suppress listing of headers
>> - choose a delimiter character for separating member entries
>>
>> I wrote a little wrapper script (for the bash shell) to support them.
>> For those who like, you'll find it attached.
>
> There's libipset, with which this task should be achievable to the
> maximum customizable degree without involving ugly text parsing with sh.

Hello Jan,

good you mention libipset, because not even the man page does, nor does 
any documentation or similar exist.
Interesting, that you belittle text parsing, it's such a common task in 
linux. And thank you for telling us, that C has more power that sh. 
Really great insight!

Re: Wrapper script for ipset listing

[Born Without]

[-- Attachment #1: Type: text/plain, Size: 729 bytes --]

On 05.01.2013 17:16, Born Without wrote:
> On 05.01.2013 17:05, Born Without wrote:
>> Hello list!
>>
>> As I was missing those features in the ipset set listing capabilities:
>>
>> - show sum of set members
>> - suppress listing of headers
>> - choose a delimiter character for separating member entries
>>
>> I wrote a little wrapper script (for the bash shell) to support them.
>> For those who like, you'll find it attached.
>>
>> Comments etc. welcome...

> Just noticed, that for sets with 0 members the sum is not shown.
> Attached version changes that.
> Sorry for the noise.

Slightly advanced version attached.
-t now only shows selected sets headers.

Sorry again for noise, ummh - that should be it...

Best regards


[-- Attachment #2: ipset_list.bash --]
[-- Type: text/plain, Size: 2275 bytes --]

#!/bin/bash

# -----------------------------------------------------------------
ipset="/sbin/ipset"
delim=" "
TMOUT=30
# -----------------------------------------------------------------

set -f
shopt -s extglob

show_count=0 show_members=0 headers_only=0 names_only=0 i=0

[[ -x $ipset ]] || {
	printf "ipset binary \`%s' does not exist, or is not executable" "$ipset"
	exit 1
}
while (($#)); do
	case "$1" in
		-h) printf "%s [-{c|h|m|n|r|s|t}] [...] [-d char] [set-name] [...]\n" "${0//*\//}"
			exit 0
		;;
		-c) show_count=1
			shift
		;;
		-m) show_members=1
			shift
		;;
		-n) names_only=1
			shift
		;;
		-t) headers_only=1
			arr_par[i++]="$1"
			shift
		;;
		-d) if [[ -z $2 ]]; then
				printf "delim character is missing\n" >&2
				exit 2
			else
				if ((${#2} > 1)); then
					printf "only one character is allowed as delim\n" >&2
					exit 2
				fi
				delim="$2"
				shift 2
			fi
		;;
		-s|-r) arr_par[i++]="$1"
			shift
		;;
		-o) if [[ $2 != plain ]]; then
				printf "only plain output is supported\n" >&2
				exit 2
			else
				shift 2
			fi
		;;
		-\!|-f) shift
		;;
		*) break
	esac
done

if ((names_only && headers_only)); then
	printf "options -n and -t are mutually exclusive\n" >&2
	exit 2
elif ((headers_only)); then
	if ((show_count || show_members)); then
		printf "options -t and -c|-m are mutually exclusive\n" >&2
		exit 2
	fi
elif ((names_only)); then
	if ((show_count || show_members)); then
		printf "options -n and -c|-m are mutually exclusive\n" >&2
		exit 2
	fi
	"$ipset" l -n
	exit $?
fi

i=0
if [[ $1 ]]; then
	arr_opts=("$@")
else
	while IFS=$'\n' read -r; do
		arr_opts[i++]="$REPLY"
	done < <("$ipset" l -n)
	i=0
fi

for x in "${!arr_opts[@]}"; do
	while read -r; do
		if [[ $REPLY = Name:* ]]; then i=0
			printf "\n%s\n" "$REPLY"
			continue
		elif [[ $REPLY = @(Type|Revision|Header|Size in memory|References|Members):* ]]; then
			if ((headers_only)); then
				printf "%s\n" "$REPLY"
			fi
			continue
		elif [[ -z $REPLY ]]; then
			continue
		else
			if ((show_members)); then
				printf "%s$delim" "$REPLY"
			fi
			let i+=1
		fi
	done < <("$ipset" l "${arr_opts[x]}" "${arr_par[@]}")
	if ((show_members)) && [[ $delim != $'\n' ]]; then
		printf "\n"
	fi
	if ((show_count)); then
		printf "Member count: %d\n" $i
	fi
done

Re: Wrapper script for ipset listing

[Jan Engelhardt]

On Sunday 2013-01-06 04:50, Born Without wrote:
>>> As I was missing those features in the ipset set listing capabilities:
>>>
>>> - show sum of set members
>>> - suppress listing of headers
>>> - choose a delimiter character for separating member entries
>>>
>>> I wrote a little wrapper script (for the bash shell) to support them.
>>> For those who like, you'll find it attached.
>>
>> There's libipset, with which this task should be achievable to the
>> maximum customizable degree without involving ugly text parsing with sh.
>
> Hello Jan,
>
> good you mention libipset, because not even the man page does, nor does any
> documentation or similar exist.

I have taken Joszef into Cc..

> Interesting, that you belittle text parsing, it's such a common task in linux.
> And thank you for telling us, that C has more power that sh. Really great
> insight!

"Common" does not mean "the right thing", especially if the output is prone to
change - and by definition, everything that has not been declared as giving a
stable output can easily change at inconvenient times, depending on moon phase
and locale settings.

Stable output does not necessarily mean a C API. Tools default to output
human-readable prose, and may require specific options to put them into
machine-parseable mode. Compare: `date` vs. `date -d +"%F %T"` (parseable).

Re: Wrapper script for ipset listing

[Jozsef Kadlecsik]

On Sun, 6 Jan 2013, Jan Engelhardt wrote:

> On Sunday 2013-01-06 04:50, Born Without wrote:
> >>> As I was missing those features in the ipset set listing capabilities:
> >>>
> >>> - show sum of set members
> >>> - suppress listing of headers
> >>> - choose a delimiter character for separating member entries
> >>>
> >>> I wrote a little wrapper script (for the bash shell) to support them.
> >>> For those who like, you'll find it attached.
> >>
> >> There's libipset, with which this task should be achievable to the
> >> maximum customizable degree without involving ugly text parsing with sh.
> >
> > good you mention libipset, because not even the man page does, nor does any
> > documentation or similar exist.
> 
> I have taken Joszef into Cc..
> 
> > Interesting, that you belittle text parsing, it's such a common task 
> > in linux. And thank you for telling us, that C has more power that sh. 
> > Really great insight!
> 
> "Common" does not mean "the right thing", especially if the output is 
> prone to change - and by definition, everything that has not been 
> declared as giving a stable output can easily change at inconvenient 
> times, depending on moon phase and locale settings.
> 
> Stable output does not necessarily mean a C API. Tools default to output
> human-readable prose, and may require specific options to put them into
> machine-parseable mode. Compare: `date` vs. `date -d +"%F %T"` (parseable).

In order to parse the output produced by ipset, one should take into 
account the followings:

- New header elements may appear but the header part is always 
  started by "Name:" and ended by "Members:".
- New value parameters may appear but those are appended to the existing
  ones.

If those "rules" are taken into account, then shell/perl/etc scripts can 
safely parse the output.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

Re: Wrapper script for ipset listing

[Born Without]

[-- Attachment #1: Type: text/plain, Size: 1442 bytes --]

On 07.01.2013 08:59, Jozsef Kadlecsik wrote:
> On Sun, 6 Jan 2013, Jan Engelhardt wrote:
>
>> On Sunday 2013-01-06 04:50, Born Without wrote:
>>>>> As I was missing those features in the ipset set listing capabilities:
>>>>>
>>>>> - show sum of set members
>>>>> - suppress listing of headers
>>>>> - choose a delimiter character for separating member entries
>>>>>
>>>>> I wrote a little wrapper script (for the bash shell) to support them.
>>>>> For those who like, you'll find it attached.
>>>>
>>>> There's libipset, with which this task should be achievable to the
>>>> maximum customizable degree without involving ugly text parsing with sh.
>>>
>>> good you mention libipset, because not even the man page does, nor does any
>>> documentation or similar exist.
>>
>> I have taken Joszef into Cc..

[...]

>
> In order to parse the output produced by ipset, one should take into
> account the followings:
>
> - New header elements may appear but the header part is always
>    started by "Name:" and ended by "Members:".
> - New value parameters may appear but those are appended to the existing
>    ones.
>
> If those "rules" are taken into account, then shell/perl/etc scripts can
> safely parse the output.
>

Thank you Joszef for that information.
I've taken it into account and adapted the script.
Also added:
-a parameter to act just like 'ipset list', but with whitespace as 
default delim.
comments and examples.

Best regards

[-- Attachment #2: ipset_list.bash --]
[-- Type: text/plain, Size: 3920 bytes --]

#!/bin/bash

# -----------------------------------------------------------------
# ipset set listing wrapper script
# -----------------------------------------------------------------
# Examples:
# $0                 - no args, just list set names
# $0 -c              - show all set names and their member sum
# $0 -t              - show all sets, but headers only
# $0 -c -m setA setB - show members and sum of setA & setB
# $0 -a -c -d :      - show all sets members, sum and use `:' as entry delimiter
# $0 -c -m -d $'\n' setA - show members and sum of setA, delim with newline
# -----------------------------------------------------------------

# -----------------------------------------------------------------
# Modify here
# -----------------------------------------------------------------
# path to ipset
ipset="/sbin/ipset"

# default delimiter character
delim=" "

# default read timeout
TMOUT=30
# -----------------------------------------------------------------

set -f
shopt -s extglob

show_all=0 show_count=0 show_members=0 headers_only=0 names_only=0 in_header=0 i=0

[[ -x $ipset ]] || {
	printf "ipset binary \`%s' does not exist, or is not executable" "$ipset"
	exit 1
}
while (($#)); do # parse cmd-line options
	case "$1" in
		-h) printf "ipset set listing wrapper script\n"
		   	printf "%s [-{a|c|h|m|n|r|s|t}] [...] [-d char] [set-name] [...]\n" "${0//*\//}"
			exit 0
		;;
		-a) show_all=1
			shift
		;;
		-c) show_count=1
			shift
		;;
		-m) show_members=1
			shift
		;;
		-n) names_only=1
			shift
		;;
		-t) headers_only=1
			arr_par[i++]="$1"
			shift
		;;
		-s|-r) arr_par[i++]="$1"
			shift
		;;
		-d) if [[ -z $2 ]]; then
				printf "delim character is missing\n" >&2
				exit 2
			else
				if ((${#2} > 1)); then
					printf "only one character is allowed as delim\n" >&2
					exit 2
				fi
				delim="$2"
				shift 2
			fi
		;;
		-o) if [[ $2 != plain ]]; then
				printf "only plain output is supported\n" >&2
				exit 2
			else
				shift 2
			fi
		;;
		-\!|-f) printf "unsupported option: \`$1'\n" >&2
				exit 2
		;;
		*) break
	esac
done

# option logic
if ((names_only && headers_only)); then
	printf "options -n and -t are mutually exclusive\n" >&2
	exit 2
elif ((headers_only)); then
	if ((show_count || show_members || show_all)); then
		printf "options -t and -a|-c|-m are mutually exclusive\n" >&2
		exit 2
	fi
elif ((names_only)); then
	if ((show_count || show_members || show_all)); then
		printf "options -n and -a|-c|-m are mutually exclusive\n" >&2
		exit 2
	fi
	"$ipset" l -n
	exit $?
fi

# sets to work on (no arg means all sets)
i=0
if [[ $1 ]]; then
	arr_opts=("$@")
else
	while IFS=$'\n' read -r; do
		arr_opts[i++]="$REPLY"
	done < <("$ipset" l -n)
	i=0
fi

# read sets
for x in "${!arr_opts[@]}"; do
	while read -r; do
		case "$REPLY" in
			"") : ;;
			Name:*) # header opened
				if ((in_header)); then
					printf "unexpected entry: \`%s' - header not closed?\n" "$REPLY" >&2
					exit 1
				fi
				i=0 in_header=1
				printf "\n%s\n" "$REPLY"
			;;
			@(Type|Header|Size in memory|References):*) # header entry
				if ((headers_only || show_all)); then
					printf "%s\n" "$REPLY"
				fi
			;;
			Revision:*) # header entry (closes header on -t)
				if ((headers_only)); then
					in_header=0
					printf "%s\n" "$REPLY"
				elif ((show_all)); then
					printf "%s\n" "$REPLY"
				fi
			;;
			Members:*) # header entry (closes header if not -t)
				in_header=0
				if ((show_all)); then
					printf "%s\n" "$REPLY"
				fi
			;;
			*) # member entry
			   	if ((in_header)); then
					printf "unexpected entry: \`%s'\n" "$REPLY" >&2
					exit 1
				fi
				if ((show_members || show_all)); then
					printf "%s$delim" "$REPLY"
				fi
				let i+=1
		esac
	done < <("$ipset" l "${arr_opts[x]}" "${arr_par[@]}")
	if ((show_members || show_all)) && [[ $delim != $'\n' ]]; then
		printf "\n"
	fi
	if ((show_count)); then
		printf "Member count: %d\n" $i
	fi
done

Re: Wrapper script for ipset listing

[Pablo Neira Ayuso]

On Wed, Jan 09, 2013 at 07:52:44AM +0100, Born Without wrote:
> On 07.01.2013 08:59, Jozsef Kadlecsik wrote:
> >On Sun, 6 Jan 2013, Jan Engelhardt wrote:
> >
> >>On Sunday 2013-01-06 04:50, Born Without wrote:
> >>>>>As I was missing those features in the ipset set listing capabilities:
> >>>>>
> >>>>>- show sum of set members
> >>>>>- suppress listing of headers
> >>>>>- choose a delimiter character for separating member entries
> >>>>>
> >>>>>I wrote a little wrapper script (for the bash shell) to support them.
> >>>>>For those who like, you'll find it attached.
> >>>>
> >>>>There's libipset, with which this task should be achievable to the
> >>>>maximum customizable degree without involving ugly text parsing with sh.
> >>>
> >>>good you mention libipset, because not even the man page does, nor does any
> >>>documentation or similar exist.
> >>
> >>I have taken Joszef into Cc..
> 
> [...]
> 
> >
> >In order to parse the output produced by ipset, one should take into
> >account the followings:
> >
> >- New header elements may appear but the header part is always
> >   started by "Name:" and ended by "Members:".
> >- New value parameters may appear but those are appended to the existing
> >   ones.
> >
> >If those "rules" are taken into account, then shell/perl/etc scripts can
> >safely parse the output.
> >
> 
> Thank you Joszef for that information.
> I've taken it into account and adapted the script.
> Also added:
> -a parameter to act just like 'ipset list', but with whitespace as
> default delim.
> comments and examples.
> 
> Best regards

> #!/bin/bash

Suggestion: Some explicit header with licensing terms of your script
is a good idea if you want to share things, otherwise the law in most
countries defaults to "all right reserved".

And if you use the same license than ipset, it may help Jozsef to
consider adding that to some contrib directory. Or you can just
publish it in your personal website.

Re: Wrapper script for ipset listing

[Born Without]

On 09.01.2013 12:52, Pablo Neira Ayuso wrote:
[...]
>>>> On Sunday 2013-01-06 04:50, Born Without wrote:
>>>>>>> As I was missing those features in the ipset set listing capabilities:
>>>>>>>
>>>>>>> - show sum of set members
>>>>>>> - suppress listing of headers
>>>>>>> - choose a delimiter character for separating member entries
>>>>>>>
>>>>>>> I wrote a little wrapper script (for the bash shell) to support them.

[...]

> Suggestion: Some explicit header with licensing terms of your script
> is a good idea if you want to share things, otherwise the law in most
> countries defaults to "all right reserved".
>
> And if you use the same license than ipset, it may help Jozsef to
> consider adding that to some contrib directory. Or you can just
> publish it in your personal website.

Thank you for the suggestion.
I wasn't even thinking of license stuff...
This is just a simple helper script. Anybody can use it freely.
But no problem, I'll add some license :)
Don't know much about them.
But I guess GPL 3 will do?
Also for Jozsef, if he would consider adding it to contrib?

One thing still is missing, to make it more foolproof, there's no 
checking for supported ipset versions (i.e v2.x) in the script.
I only have 6.16.1 installed.
I don't know if the -v|--version option is persistent through ipset 
versions.
I don't know if the format of the version output is persistent through 
ipset versions.
I don't know from what version the \`list' action is valid (before it 
was -L i think?).
I don't know if the plain listing output (header - members) is 
persistent through ipset versions.

With this information I could incorporate version checking and 
eventually support older versions.

Best regards

Re: Wrapper script for ipset listing

[Eliezer Croitoru]

On 1/10/2013 2:53 PM, Born Without wrote:
> Thank you for the suggestion.
> I wasn't even thinking of license stuff...
> This is just a simple helper script. Anybody can use it freely.
> But no problem, I'll add some license :)
> Don't know much about them.
> But I guess GPL 3 will do?
BSD is free for all and GPL is forcing you to share somethings and will 
not allow you to do somethings with it.

In case you don't mind anyone in the world to use it even for profit BSD 
is the common one to use if I remember right.

Eliezer

Re: Wrapper script for ipset listing

[Jozsef Kadlecsik]

On Thu, 10 Jan 2013, Born Without wrote:

> On 09.01.2013 12:52, Pablo Neira Ayuso wrote:
> [...]
> 
> > Suggestion: Some explicit header with licensing terms of your script
> > is a good idea if you want to share things, otherwise the law in most
> > countries defaults to "all right reserved".
> > 
> > And if you use the same license than ipset, it may help Jozsef to
> > consider adding that to some contrib directory. Or you can just
> > publish it in your personal website.
> 
> Thank you for the suggestion.
> I wasn't even thinking of license stuff...
> This is just a simple helper script. Anybody can use it freely.
> But no problem, I'll add some license :)
> Don't know much about them.
> But I guess GPL 3 will do?

GPL 2 or 3 will do, whichever you prefer.

> Also for Jozsef, if he would consider adding it to contrib?

Yes, of course.

> One thing still is missing, to make it more foolproof, there's no checking for
> supported ipset versions (i.e v2.x) in the script.
> I only have 6.16.1 installed.
> I don't know if the -v|--version option is persistent through ipset versions.

Yes, assuming the 6.x branch. But 4.x is not developed anymore and 5.x was 
a very short lived branch. Please assume 6.x or above in your script.

In the ipset version string the first number always corresponds to the 
protocol version. The second number indicates the release number and 
sometimes there's a third number when a quick release with a very minor 
change is required. 

> I don't know if the format of the version output is persistent through ipset
> versions.

It may change partially, from this

ipset v6.14, protocol version: 6

to

ipset v7.Y, protocol versions: 6-7

> I don't know from what version the \`list' action is valid (before it was -L i
> think?).

Starting from 6.0 both syntax is valid.

> I don't know if the plain listing output (header - members) is persistent
> through ipset versions.

Yes, with the conditions I wrote previously, i.e. which prepares the 
script to accept new header lines inserted before Members or new values 
appended.
 
Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

Re: Wrapper script for ipset listing

[Born Without]

[-- Attachment #1: Type: text/plain, Size: 2603 bytes --]

On 10.01.2013 16:19, Jozsef Kadlecsik wrote:
> On Thu, 10 Jan 2013, Born Without wrote:
>
>> On 09.01.2013 12:52, Pablo Neira Ayuso wrote:
>> [...]
>>
>>> Suggestion: Some explicit header with licensing terms of your script
>>> is a good idea if you want to share things, otherwise the law in most
>>> countries defaults to "all right reserved".

[...]
>> Don't know much about them.
>> But I guess GPL 3 will do?
>
> GPL 2 or 3 will do, whichever you prefer.
>
>> Also for Jozsef, if he would consider adding it to contrib?
>
> Yes, of course.
>
>> One thing still is missing, to make it more foolproof, there's no checking for
>> supported ipset versions (i.e v2.x) in the script.
>> I only have 6.16.1 installed.
>> I don't know if the -v|--version option is persistent through ipset versions.
>
> Yes, assuming the 6.x branch. But 4.x is not developed anymore and 5.x was
> a very short lived branch. Please assume 6.x or above in your script.
>
> In the ipset version string the first number always corresponds to the
> protocol version. The second number indicates the release number and
> sometimes there's a third number when a quick release with a very minor
> change is required.
>
>> I don't know if the format of the version output is persistent through ipset
>> versions.
>
> It may change partially, from this
>
> ipset v6.14, protocol version: 6
>
> to
>
> ipset v7.Y, protocol versions: 6-7
>
>> I don't know from what version the \`list' action is valid (before it was -L i
>> think?).
>
> Starting from 6.0 both syntax is valid.
>
>> I don't know if the plain listing output (header - members) is persistent
>> through ipset versions.
>
> Yes, with the conditions I wrote previously, i.e. which prepares the
> script to accept new header lines inserted before Members or new values
> appended.

Thank you Jozsef for that information.

I chose GPL v3...
For version checking I just extract the first digit after 'ipset v'. 
Should be sufficient.
The script doesn't check for new appended values, so nothing to do there.
Regarding headers it just checks for 'Name:' and 'Members:' to find 
them. Some checks included if it's expecting an header or not.

Also changed the following:

- Added -i option to show only the members of a (single) selected set.
- Allow combination of -c and -t, to show headers and members sum of 
(selected) sets.
- Add ipset version checking (allow 6.x and upwards).
- Check for BASH variable.
- Added version.
- Don't display member count (of 0) if an invalid set name is used.
- More exammples and comments.

Attached and hopefully bug-free

Best regards



[-- Attachment #2: ipset_list_v1.tgz --]
[-- Type: application/x-compressed, Size: 2399 bytes --]

Re: Wrapper script for ipset listing

[Born Without]

On 10.01.2013 16:01, Eliezer Croitoru wrote:
> On 1/10/2013 2:53 PM, Born Without wrote:
>> Thank you for the suggestion.
>> I wasn't even thinking of license stuff...
>> This is just a simple helper script. Anybody can use it freely.
>> But no problem, I'll add some license :)
>> Don't know much about them.
>> But I guess GPL 3 will do?
> BSD is free for all and GPL is forcing you to share somethings and will
> not allow you to do somethings with it.
>
> In case you don't mind anyone in the world to use it even for profit BSD
> is the common one to use if I remember right.

I was reading this:
http://news.slashdot.org/story/99/06/23/1313224/featuregpl-vs-bsd

so I choose to use GPL, but thank you for your suggestion.

Best regards

Re: Wrapper script for ipset listing

[Born Without]

On 10.01.2013 22:15, Born Without wrote:
[...]

 > For version checking I just extract the first digit after 'ipset v'.

Meant digits not digit...

[...]

Re: Wrapper script for ipset listing

[Born Without]

On 09.01.2013 12:52, Pablo Neira Ayuso wrote:
[...]
>>>> On Sunday 2013-01-06 04:50, Born Without wrote:
[...]
>>>>>>> I wrote a little wrapper script (for the bash shell) to support them.
>>>>>>> For those who like, you'll find it attached.

[...]

> And if you use the same license than ipset, it may help Jozsef to
> consider adding that to some contrib directory. Or you can just
> publish it in your personal website.

for the ease of use and maybe a good place to store, it's now on github 
also:

https://github.com/AllKind/ipset_list

Best regards

Re: Wrapper script for ipset listing

[Born Without]

[...]
>>>>>>> As I was missing those features in the ipset set listing capabilities:
>>>>>>>
>>>>>>> - show sum of set members
>>>>>>> - suppress listing of headers
>>>>>>> - choose a delimiter character for separating member entries
>>>>>>>
>>>>>>> I wrote a little wrapper script (for the bash shell) to support them.
[...]

Good day everybody!

over the past two weeks I kept having ideas and implementing them.
The functional additions are:

- show sets which match an arithmetic comparison (==|!=|<|>|<=|>=) on 
the sum of their elements.

- match on any header entry using an (ext)glob pattern. multiple 
selections are ANDed and only sets containing all patterns are displayed.

- allow arithmetic comparison on any header with an integer value. 
multiple selections are ANDed and only sets containing all patterns are 
displayed.

- match on set elements using either a (ext)glob, or a regex (=~ 
operator) pattern. Sum of matches can be displayed with the -c option.

- added some shortcut options to match on header entries:
    -Ht   - match on set type.
    -Hr   - match on number of references.
    -Hs   - match on size in memory.
    -Hv   - match on the revision number.


I hope those features can be considered useful. opinions welcome.
Now I'm running out of ideas, so if anybody has some, I'll be gladly 
considering any input.

I also reworked the help text (-h). But I've never done this before, so 
I'm not sure if it's accurate and understandable. I'll paste it here, 
maybe somebody here can tell me if I did something wrong.

./ipset_list -h

  ipset set listing wrapper script

ipset_list [option [opt-arg]] [set-name] [...]

ipset_list -h | -n
ipset_list -t [-c] [-Mc [!|<|>|<=|>=]value]
         [-Fh header-glob:value-glob] [...]
         [-Fi header-glob:[!|<|>|<=|>=]value] [...] [-Ht type-glob]
         [-Hr|-Hs|-Hv [!|<|>|<=|>=]value] [set-name] [...]
ipset_list -i [-r|-s] [-d char] [-Fg|-Fr pattern] set-name
ipset_list [-a|-c|-m|-r|-s] [-d char] [-Mc [!|<|>|<=|>=]value]
         [-Fh header-glob:value-glob] [...]
         [-Fi header-glob:[!|<|>|<=|>=]value] [...]
         [-Fg|-Fr pattern] [-Ht type-glob]
         [-Hr|-Hs|-Hv [!|<|>|<=|>=]value] [set-name] [...]

options:
-a       show all information but with default delim (whitespace).
-c       calculate members and match (-Fg|-Fr) sum.
-d delim       delimiter character for separating member entries.
-h       show this help text.
-i       show only the members of a single set.
-m       show set members.
-n       show set names only (raw `ipset list -n' output).
-r       try to resolve ip addresses in the output (slow!).
-s       print elements sorted (if supported by the set type).
-t       show set headers only.
-v       version information.

-Fg pattern    match set members using a [ext]glob pattern.
-Fr pattern    match set members using a regex (=~ operator) pattern.
-Fh header-glob:value-glob [...]
         show sets containing one or more ([ext]glob) matching headers.
-Fi header-glob:[!|<|>|<=|>=]value [...]
         compare one or more integer valued header entries.
-Ht set-type-glob         match on set type.
-Hr [!|<|>|<=|>=]value    match on number of references (value=int).
-Hs [!|<|>|<=|>=]value    match on size in memory (value=int).
-Hv [!|<|>|<=|>=]value    match on revision number (value=int).
-Mc [!|<|>|<=|>=]value    match on member count (value=int).


I hope with this and the examples in the code and on github, the 
features are well enough documented.

I've tested the script as much as I could, but sure some testers would 
be greatly welcome. So if anybody finds a bug, please let me know!

@Jozsef - please be sure to check github for eventually updated 
versions, in case you put it in /contrib for ipset release.

Code and description are here:
https://github.com/AllKind/ipset_list

Considered 'good' versions archives are here:
https://github.com/AllKind/ipset_list/tags

Thank you for your time and interest!

Best regards

Re: Wrapper script for ipset listing

[Jozsef Kadlecsik]

On Mon, 21 Jan 2013, Born Without wrote:

> @Jozsef - please be sure to check github for eventually updated versions, in
> case you put it in /contrib for ipset release.

I'm going to add it to the next ipset release, including a reference to 
the original source at github.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary