iptables-related plugins: use "-w" for consistent results

The parameter "-w" forces iptables to wait for a lock before printing data. The parameter requires iptables 1.6 (released 2015). See https://github.com/munin-monitoring/munin/issues/586
2025-07-21 18:41:03 +00:00 · 2018-02-24 22:58:04 +01:00 · 2018-02-24 22:58:04 +01:00 · c9157be3fe
commit c9157be3fe
parent 0b07e636e2
7 changed files with 31 additions and 31 deletions
--- a/plugins/network/fwbuilder_
+++ b/plugins/network/fwbuilder_
@ -61,7 +61,7 @@ IP=${IP/-/\/}

 if [ "$1" = "autoconf" ]; then
 	if [ -r /proc/net/dev ]; then
-		iptables -L INPUT -v -n -x >/dev/null 2>/dev/null
+		iptables -L INPUT -v -n -x -w >/dev/null 2>/dev/null
 		if [ $? -gt 0 ]; then
 			echo "no (could not run iptables as user `whoami`)"
 			exit 1
@ -77,7 +77,7 @@ fi

 if [ "$1" = "suggest" ]; then
 	# find Chains for Accounting
-	iptables -L -n |grep ^ACCOUNTING |awk '{printf "%s\n%s\n",$4,$5}'| sort -u |sed 's#\/#-#'
+	iptables -L -n -w | grep ^ACCOUNTING |awk '{printf "%s\n%s\n",$4,$5}'| sort -u |sed 's#\/#-#'
 	exit 0
 fi

@ -99,6 +99,6 @@ if [ "$1" = "config" ]; then
        exit 0
 fi;

-echo "in.value $(( $(iptables -L -n -v -x |grep "ACCOUNTING" |awk '{printf "%s %s\n",$2,$9}' |grep $IP |awk '{printf "%s + ",$1}') 0 ))"
-echo "out.value $(( $(iptables -L -n -v -x |grep "ACCOUNTING" |awk '{printf "%s %s\n",$2,$8}' |grep $IP |awk '{printf "%s + ",$1}') 0 ))"
+echo "in.value $(( $(iptables -L -n -v -x -w | grep "ACCOUNTING" | awk '{printf "%s %s\n",$2,$9}' | grep $IP | awk '{printf "%s + ",$1}') 0 ))"
+echo "out.value $(( $(iptables -L -n -v -x -w |grep "ACCOUNTING" | awk '{printf "%s %s\n",$2,$8}' | grep $IP | awk '{printf "%s + ",$1}') 0 ))"

--- a/plugins/network/ipt_accounting_
+++ b/plugins/network/ipt_accounting_
@ -42,7 +42,7 @@ ACC=`basename $0 | sed 's/^ipt_accounting_//g'`

 if [ "$1" = "autoconf" ]; then
        if [ -r /proc/net/dev ]; then
-                iptables -L INPUT -v -n -x >/dev/null 2>/dev/null
+                iptables -L INPUT -v -n -x -w >/dev/null 2>/dev/null
                if [ $? -gt 0 ]; then
                        echo "no (could not run iptables as user `whoami`)"
                        exit 1
@ -57,7 +57,7 @@ if [ "$1" = "autoconf" ]; then
 fi

 if [ "$1" = "suggest" ]; then
-        iptables -L INPUT -v -x -n 2>/dev/null | sed -n 's/^.*\/\* ACC\-\([a-zA-Z]*\) \*\/.*$/\1/p'
+        iptables -L INPUT -v -x -n -w 2>/dev/null | sed -n 's/^.*\/\* ACC\-\([a-zA-Z]*\) \*\/.*$/\1/p'
        exit 0
 fi

@ -79,5 +79,5 @@ if [ "$1" = "config" ]; then
        exit 0
 fi;

-iptables -L INPUT -v -n -x | grep -m1 "\/\* ACC\-"$ACC" \*\/" | awk "{ print \"in.value \" \$2 }"
-iptables -L OUTPUT -v -n -x | grep -m1 "\/\* ACC\-"$ACC" \*\/" | awk "{ print \"out.value \" \$2 }"
+iptables -L INPUT -v -n -x -w | grep -m1 "\/\* ACC\-"$ACC" \*\/" | awk "{ print \"in.value \" \$2 }"
+iptables -L OUTPUT -v -n -x -w | grep -m1 "\/\* ACC\-"$ACC" \*\/" | awk "{ print \"out.value \" \$2 }"
--- a/plugins/network/ipt_basic_
+++ b/plugins/network/ipt_basic_
@ -45,7 +45,7 @@ iptables='/sbin/iptables'

 if [ "$1" = "autoconf" ]; then
 	if [ -r /proc/net/dev ]; then
-		RES=`$iptables -L $TNAME -nvx 2>&1 >/dev/null`
+		RES=`$iptables -L $TNAME -nvx -w 2>&1 >/dev/null`
 		if [ $? -gt 0 ]; then
 			echo "no (could not run iptables as user `whoami`; $RES)"
 			exit 1
@ -79,7 +79,7 @@ if [ "$1" = "initialise" ]; then
 	exit 1
 fi

-IFACES=`$iptables -L munin_node -nvx | awk '$6 ~ /(eth|ppp)[0-9]/ { if (done[$6]!=1) {print $6; done[$6]=1;}}'`
+IFACES=`$iptables -L munin_node -nvx -w | awk '$6 ~ /(eth|ppp)[0-9]/ { if (done[$6]!=1) {print $6; done[$6]=1;}}'`

 if [ "$1" = "config" ]; then

@ -108,7 +108,7 @@ if [ "$1" = "config" ]; then
 fi;

 if [ "$TYPE" = "pkts" ]; then
-	$iptables -L munin_node -nvx | egrep "eth|ppp" | awk "{ print \$6 \".value \" \$1 }"
+	$iptables -L munin_node -nvx -w | egrep "eth|ppp" | awk "{ print \$6 \".value \" \$1 }"
 else
-	$iptables -L munin_node -nvx | egrep "eth|ppp" | awk "{ print \$6 \".value \" \$2 }"
+	$iptables -L munin_node -nvx -w | egrep "eth|ppp" | awk "{ print \$6 \".value \" \$2 }"
 fi
--- a/plugins/network/traffic_ipt
+++ b/plugins/network/traffic_ipt
@ -110,7 +110,7 @@ ipv6=0
 diffv4=0
 diffv6=0

-IPv4_bytes=$(iptables -L -n -v -x | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+--\W+\*\W+\*\W+0.0.0.0/0\W+0.0.0.0/0\W*$' | while read pkts bytes rest; do echo $bytes; done)
+IPv4_bytes=$(iptables -L -n -v -x -w | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+--\W+\*\W+\*\W+0.0.0.0/0\W+0.0.0.0/0\W*$' | while read pkts bytes rest; do echo $bytes; done)
 if [ -z "$IPv4_bytes" ];
 then
 	echo "W: Unable to read rule from iptables, please add rules" >&2
@ -118,7 +118,7 @@ else
 	ipv4=$(echo $IPv4_bytes | sed -e 's/ / + /' | bc -l)
 fi

-IPv6_bytes=$(ip6tables -L -n -v -x | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+\*\W+\*\W+::/0\W+::/0\W*$' | while read pkts bytes rest; do echo $bytes; done)
+IPv6_bytes=$(ip6tables -L -n -v -x -w | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+\*\W+\*\W+::/0\W+::/0\W*$' | while read pkts bytes rest; do echo $bytes; done)
 if [ -z "$IPv6_bytes" ];
 then
 	echo "W: Unable to read rule from ip6tables, please add rules" >&2