* [nftables] dynamic flag missing from wiki and using counter
@ 2020-09-25 9:58 Gopal Yadav
0 siblings, 0 replies; only message in thread
From: Gopal Yadav @ 2020-09-25 9:58 UTC (permalink / raw)
To: netfilter-devel
Hi,
To solve this issue https://bugzilla.netfilter.org/show_bug.cgi?id=1462
I am trying to create a rule just like the one mentioned in the bug report.
table inet dev {
set ports_udp {
type inet_service
size 65536
flags dynamic,timeout
timeout 30d
elements = { 53 expires 29d23h58m25s672ms counter packets 35
bytes 2515, 389 expires 29d23h59m15s144ms counter packets 1 bytes 80,
515 expires 29d23h56m14s136ms counter packets 1 bytes 57, 1194 expires
29d23h58m18s460ms counter packets 2 bytes 84, 1504 expires
29d23h51m14s28ms counter packets 1 bytes 223,
...
}
To create the above I am doing:
nft add table inet dev
nft add set inet dev ports_udp { type inet_service\; size 65536\;
flags dynamic, timeout\; timeout 30d\; }
1) There is no mention of the "dynamic" flag at
https://wiki.nftables.org/wiki-nftables/index.php/Sets#Named_sets_specifications.
What does it do and how is it useful?
2) I understand this statement "53 expires 29d23h58m25s672ms counter
packets 35 bytes 2515" as
"This element expires in 29d23h58m25s672ms and at port 53(DNS) we have
received/sent 35 packets which make a total of 2515 bytes."
Is my understanding of "counter" correct? are those packets received
or sent or both? And how to apply a counter to an element in a set?
Thanks
Gopal
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-09-25 9:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-09-25 9:58 [nftables] dynamic flag missing from wiki and using counter Gopal Yadav
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).