From: Florian Westphal <fw@strlen.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH RFC nf-next 0/3] named expressions for nf_tables
Date: Fri, 8 Apr 2016 14:12:48 +0200
Message-ID: <20160408121248.GB6526@breakpoint.cc>
In-Reply-To: <1459961493-7494-1-git-send-email-pablo@netfilter.org>

Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> * List existing named counters:
>
> # nft lists counters
> table ip filter {
>         counter tcp-counter {
>                 packets 6086 bytes 6278052
>         }
>         counter udp-counter {
>                 packets 272 bytes 64690
>         }
>         counter icmp-counter {
>                 packets 10 bytes 840
>         }
> }

So if we extend this scheme to all (stateful) expressions we'll have to
add 'nft list limits' (or whatever).

Do you think it makes sense to represent this in a more generic fashion?

    nft list tables
    nft list chains

Maybe add

    nft list expressions

?

> The snippet below shows a simplistic configuration to account tcp, udp
> and icmp traffic through the named counter:
>
> -o-
> table ip filter {
>         counter tcp-counter {
>                 packets 6086 bytes 6278052
>         }

So this could f.e. look like

    expression tcp-counter {
            counter packets 6086 bytes 6278052
    }

(and tcp-counter is just some identifier).

> support named limits. I have another (incomplete) patch that allows to
> update the named expressions parameters, this can be useful to
> dynamically update the ratelimiting policies, the command line should
> look like:
>
> # nft update limit name user01234 rate 250 mbytes/day

    nft update expression user01234 rate 250 mbytes/day

(or perhaps

    nft update expression user01234 limit rate 250 mbytes/day

not sure if we want to allow replacing the (internal) expression
stored in a named expression with a different one....)