* [PATCH nft] doc: remove references to timeout in reset command
@ 2023-10-10 14:27 Pablo Neira Ayuso
2023-10-10 14:31 ` Phil Sutter
0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2023-10-10 14:27 UTC
To: netfilter-devel; +Cc: fw, phil
After Linux kernel's patch ("netfilter: nf_tables: do not refresh
timeout when resetting element") timers are not reset anymore, update
documentation to keep this in sync.
Fixes: 83e0f4402fb7 ("Implement 'reset {set,map,element}' commands")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
doc/nft.txt | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/doc/nft.txt b/doc/nft.txt
index 7e47ca39aa93..5e6a2bb7b0b4 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -524,7 +524,7 @@ beginning of the chain or before the specified rule.
*replace*:: Similar to *add*, but the rule replaces the specified rule.
*delete*:: Delete the specified rule.
*destroy*:: Delete the specified rule, it does not fail if it does not exist.
-*reset*:: Reset rule-contained state, i.e. counter and quota statement values.
+*reset*:: Reset rule-contained state, i.e. counter, limit and quota statement values.
.*add a rule to ip table output chain*
-------------
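Review bot: The added *reset* line under the rule commands introduces "limit", but the line it replaces never mentioned timeout, so this change falls outside what the subject and commit message describe (removing references to timeout). Either mention the limit addition in the commit message or move it to its own patch, so the description matches what the hunk changes.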
@@ -590,7 +590,7 @@ be tuned with the flags that can be specified at set creation time.
*destroy*:: Delete the specified set, it does not fail if it does not exist.
*list*:: Display the elements in the specified set.
*flush*:: Remove all elements from the specified set.
-*reset*:: Reset timeout and other state in all contained elements.
+*reset*:: Reset state in all contained elements, eg. counter, limit and quota statement values.
.Set specifications
[options="header"]
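Review bot: "eg." in the added set *reset* line should be spelled "e.g.", and it disagrees with the rule and element descriptions in this same patch, which introduce the same list with "i.e.". "i.e." reads as an exhaustive list and "e.g." as examples, so pick whichever is intended and use it in all four places.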
@@ -640,7 +640,7 @@ Maps store data based on some specific key used as input. They are uniquely iden
*destroy*:: Delete the specified map, it does not fail if it does not exist.
*list*:: Display the elements in the specified map.
*flush*:: Remove all elements from the specified map.
-*reset*:: Reset timeout and other state in all contained elements.
+*reset*:: Reset state in all contained elements, eg. counter, limit and quota statement values.
.Map specifications
[options="header"]
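Review bot: The added map *reset* line drops "timeout" without saying what now happens to it, while the line it replaces told users that reset touches the timeout. Consider adding a short statement that element timeouts are left as they are by reset, so readers who knew the older text are not left guessing. The "eg." spelling here wants the same "e.g." fix as the set entry.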
@@ -707,8 +707,8 @@ listed elements may already exist.
be non-trivial in very large and/or interval sets. In the latter case, the
containing interval is returned instead of just the element itself.
-*reset* command resets timeout or other state attached to the given
-element(s).
+*reset* command resets state attached to the given element(s), i.e. counter,
+limit and quota statement values.
.Element options
[options="header"]
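Review bot: The "i.e." list in the added element text states that limit statement values are reset, yet the follow-up in this thread points out that the dump callbacks in nft_limit.c ignore the 'bool reset' parameter. Until that is settled the sentence promises behaviour that may not exist; consider listing only counter and quota here, or wording it so that limit is not enumerated as reset.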
--
2.30.2
* Re: [PATCH nft] doc: remove references to timeout in reset command
2023-10-10 14:27 [PATCH nft] doc: remove references to timeout in reset command Pablo Neira Ayuso
@ 2023-10-10 14:31 ` Phil Sutter
2023-10-10 14:48 ` Florian Westphal
0 siblings, 1 reply; 5+ messages in thread
From: Phil Sutter @ 2023-10-10 14:31 UTC
To: Pablo Neira Ayuso; +Cc: netfilter-devel, fw
On Tue, Oct 10, 2023 at 04:27:04PM +0200, Pablo Neira Ayuso wrote:
> After Linux kernel's patch ("netfilter: nf_tables: do not refresh
> timeout when resetting element") timers are not reset anymore, update
> documentation to keep this in sync.
How is limit statement being reset? The dump callbacks in nft_limit.c
ignore the 'bool reset' parameter.
Cheers, Phil
* Re: [PATCH nft] doc: remove references to timeout in reset command
2023-10-10 14:31 ` Phil Sutter
@ 2023-10-10 14:48 ` Florian Westphal
2023-10-10 14:58 ` Phil Sutter
0 siblings, 1 reply; 5+ messages in thread
From: Florian Westphal @ 2023-10-10 14:48 UTC
To: Phil Sutter, Pablo Neira Ayuso, netfilter-devel, fw
Phil Sutter <phil@nwl.cc> wrote:
> On Tue, Oct 10, 2023 at 04:27:04PM +0200, Pablo Neira Ayuso wrote:
> > After Linux kernel's patch ("netfilter: nf_tables: do not refresh
> > timeout when resetting element") timers are not reset anymore, update
> > documentation to keep this in sync.
>
> How is limit statement being reset? The dump callbacks in nft_limit.c
> ignore the 'bool reset' parameter.
Was that deliberate? I don't see why it would be exempt?
* Re: [PATCH nft] doc: remove references to timeout in reset command
2023-10-10 14:48 ` Florian Westphal
@ 2023-10-10 14:58 ` Phil Sutter
2023-10-10 16:12 ` Pablo Neira Ayuso
0 siblings, 1 reply; 5+ messages in thread
From: Phil Sutter @ 2023-10-10 14:58 UTC
To: Florian Westphal; +Cc: Pablo Neira Ayuso, netfilter-devel
On Tue, Oct 10, 2023 at 04:48:13PM +0200, Florian Westphal wrote:
> Phil Sutter <phil@nwl.cc> wrote:
> > On Tue, Oct 10, 2023 at 04:27:04PM +0200, Pablo Neira Ayuso wrote:
> > > After Linux kernel's patch ("netfilter: nf_tables: do not refresh
> > > timeout when resetting element") timers are not reset anymore, update
> > > documentation to keep this in sync.
> >
> > How is limit statement being reset? The dump callbacks in nft_limit.c
> > ignore the 'bool reset' parameter.
>
> Was that deliberate? I don't see why it would be exempt?
One could reset internal tokens and last values, indeed. I don't see a
patch pending to do that, though.
BTW: nft also does not support 'reset limit(s)'.
Cheers, Phil
* Re: [PATCH nft] doc: remove references to timeout in reset command
2023-10-10 14:58 ` Phil Sutter
@ 2023-10-10 16:12 ` Pablo Neira Ayuso
0 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2023-10-10 16:12 UTC
To: Phil Sutter, Florian Westphal, netfilter-devel
On Tue, Oct 10, 2023 at 04:58:20PM +0200, Phil Sutter wrote:
> On Tue, Oct 10, 2023 at 04:48:13PM +0200, Florian Westphal wrote:
> > Phil Sutter <phil@nwl.cc> wrote:
> > > On Tue, Oct 10, 2023 at 04:27:04PM +0200, Pablo Neira Ayuso wrote:
> > > > After Linux kernel's patch ("netfilter: nf_tables: do not refresh
> > > > timeout when resetting element") timers are not reset anymore, update
> > > > documentation to keep this in sync.
> > >
> > > How is limit statement being reset? The dump callbacks in nft_limit.c
> > > ignore the 'bool reset' parameter.
> >
> > Was that deliberate? I don't see why it would be exempt?
>
> One could reset internal tokens and last values, indeed. I don't see a
> patch pending to do that, though.
It should be easy to fix from kernel side, right? I can step so
remaining NFT_EXPR_STATEFUL also implement this. I mean, otherwise we
might have to document that some kernels do not support reset, some
kernels support reset of counter and quota only and some kernels fully
support all of the stateful objects :)
> BTW: nft also does not support 'reset limit(s)'.
This can be done later from userspace. The reset for limit is a bit
special, because it currently does not expose state information from
the listing side.