From: Gopal Yadav <gopunop@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [nftables] dynamic flag missing from wiki and using counter
Date: Fri, 25 Sep 2020 15:28:21 +0530
Message-ID: <CAAUOv8hCduUMOOdJktn6YJpdqDWnO9qinhAuBVfkh71A0vMoWA@mail.gmail.com>

Hi,
To solve this issue https://bugzilla.netfilter.org/show_bug.cgi?id=1462
I am trying to create a rule just like the one mentioned in the bug report.
table inet dev {
    set ports_udp {
        type inet_service
        size 65536
        flags dynamic,timeout
        timeout 30d
        elements = { 53 expires 29d23h58m25s672ms counter packets 35 bytes 2515,
                     389 expires 29d23h59m15s144ms counter packets 1 bytes 80,
                     515 expires 29d23h56m14s136ms counter packets 1 bytes 57,
                     1194 expires 29d23h58m18s460ms counter packets 2 bytes 84,
                     1504 expires 29d23h51m14s28ms counter packets 1 bytes 223,
...
}
To create the above I am doing:
    nft add table inet dev
    nft add set inet dev ports_udp { type inet_service\; size 65536\; flags dynamic, timeout\; timeout 30d\; }
1) There is no mention of the "dynamic" flag at
https://wiki.nftables.org/wiki-nftables/index.php/Sets#Named_sets_specifications.
What does it do and how is it useful?
2) I understand this statement "53 expires 29d23h58m25s672ms counter
packets 35 bytes 2515" as
"This element expires in 29d23h58m25s672ms and at port 53 (DNS) we have
received/sent 35 packets which make a total of 2515 bytes."
Is my understanding of "counter" correct? Are those packets received
or sent or both? And how to apply a counter to an element in a set?
Thanks
Gopal
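
Added example (not part of the original message and not nftables project code): a small Python parser that splits an "elements = { ... }" listing like the one quoted above into port, remaining lifetime, and counter fields, so the per-port counters can be reviewed or totalled. It assumes the field order shown in the message and that elements use the set-wide 30d timeout; the function names and the age_ms field are hypothetical.

```python
import re

# Constructed sample: the five complete elements quoted in the message, on one
# line (the listing in the message is truncated after them).
SAMPLE = (
    "elements = { 53 expires 29d23h58m25s672ms counter packets 35 bytes 2515, "
    "389 expires 29d23h59m15s144ms counter packets 1 bytes 80, "
    "515 expires 29d23h56m14s136ms counter packets 1 bytes 57, "
    "1194 expires 29d23h58m18s460ms counter packets 2 bytes 84, "
    "1504 expires 29d23h51m14s28ms counter packets 1 bytes 223 }"
)

UNIT_MS = {"d": 86_400_000, "h": 3_600_000, "m": 60_000, "s": 1_000, "ms": 1}
DURATION = re.compile(r"(\d+)(ms|d|h|m|s)")  # "ms" first so it is not read as "m"
ELEMENT = re.compile(
    r"(?P<key>\d+) expires (?P<expires>(?:\d+(?:ms|d|h|m|s))+)"
    r"(?: counter packets (?P<packets>\d+) bytes (?P<bytes>\d+))?"
)

def duration_ms(text):
    """Convert an nft duration such as '29d23h58m25s672ms' to milliseconds."""
    if not text or DURATION.sub("", text):
        raise ValueError(f"not a duration: {text!r}")
    return sum(int(n) * UNIT_MS[unit] for n, unit in DURATION.findall(text))

def parse_elements(listing, set_timeout="30d"):
    """Return one dict per element of an 'elements = { ... }' listing."""
    body = listing[listing.index("{") + 1:].split("}")[0]
    timeout = duration_ms(set_timeout)
    records = []
    for chunk in body.split(","):
        m = ELEMENT.fullmatch(" ".join(chunk.split()))  # undo e-mail line wraps
        if m is None:
            continue  # truncated or unrecognised entry, e.g. "..."
        left = duration_ms(m["expires"])
        records.append({
            "port": int(m["key"]),
            "expires_ms": left,
            # Time since the element's timer last started, assuming it uses
            # the set-wide timeout rather than a per-element one.
            "age_ms": timeout - left,
            "packets": int(m["packets"]) if m["packets"] else None,
            "bytes": int(m["bytes"]) if m["bytes"] else None,
        })
    return records

if __name__ == "__main__":
    for rec in parse_elements(SAMPLE):
        print(rec)
```

Entries that do not match the expected shape, such as the "..." where the listing is cut off, are skipped rather than guessed at.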