nft set statistics/info - Florian Westphal

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: netfilter-devel@vger.kernel.org
Subject: nft set statistics/info
Date: Thu, 14 Nov 2024 12:34:41 +0100	[thread overview]
Message-ID: <20241114113441.GA25382@breakpoint.cc> (raw)

Hello,

nftables hides set details from userspace, in particular,
the backend that is used to store set elements.

For debugging it would be good to export the chosen
backend to userspace.

Another item i'd like to export is set->nelems counter.

Before I start working on this, how should that look like?

Option 1 is to just include two exta attributes in nf_tables_fill_set().

We could restrict it to nft --debug=netlink so the information isn't
shown by nftables but by libnftnl.

Option 2 is to add a new type of GET request that only dumps
such extra set info.  Frontend could then support something like

nft get setinfo inet mytable set3

which would dump the set backend name and the set->nelems counter.

Yet another option would be to include the info in normal
list ruleset/list sets etc, but print it just like a comment, e.g.

 nft list ruleset
table inet t {
        set s1 {
                type ipv4_addr			# nft_rbtree_lookup
                flags interval
                elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 }
		# nelems 4
        }

Whats your take on this?

next             reply	other threads:[~2024-11-14 11:34 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-11-14 11:34 Florian Westphal [this message]
2024-11-14 13:14 ` nft set statistics/info Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241114113441.GA25382@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.