From mboxrd@z Thu Jan 1 00:00:00 1970
From: Florian Westphal
Subject: Re: Re: nft show counter
Date: Thu, 1 Apr 2021 22:03:33 +0200
Message-ID: <20210401200333.GH13699@breakpoint.cc>
References: <20210331214053.GB13699@breakpoint.cc> <20210401181414.GF13699@breakpoint.cc> <902B82E6-79AE-4C04-B2CA-C860662911EC@public-files.de>
Mime-Version: 1.0
Return-path:
Content-Disposition: inline
In-Reply-To: <902B82E6-79AE-4C04-B2CA-C860662911EC@public-files.de>
List-ID:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Frank Wunderlich
Cc: Florian Westphal, Frank Myhr, netfilter@vger.kernel.org

Frank Wunderlich wrote:
> On 1 April 2021 20:14:14 CEST, Florian Westphal wrote:
> >map voipcounters {
> >	type ipv4_addr . inet_service : counter
> >	elements = { 10.0.1.1 . 5160 : "voip1", 10.2.1.1 . 5161 : ...
> >
> >and then count with one rule only:
> >
> >counter name ip saddr . udp dport map @voipcounters
>
> Have seen maps, but have not understood them :(

It's just a set that returns a value instead of simple 'in set/not in set'.

> The ip is always same ($ipvoipbox), only port differs (sip1+sip2) and this bidirectional (saddr/daddr,sport/dport) to catch traffic from/to this ip separated by sip-streams.
>
> Your example seems to match only source-addr and destination port.

Yes, it was an example.

> Maybe it's possible to match "addr" (saddr or daddr) and "port" (sport or dport), so I can have only 2 rules...with map maybe only 1

There is no 'or', so you will need two rules at a minimum if you
want to match in either direction.

map voipcounters {
	type inet_service : counter
	elements = { 5160 : "voip1", 5161 : "voip2" }
}

ip saddr $ipvoipbox counter name udp sport map @voipcounters
ip daddr $ipvoipbox counter name udp dport map @voipcounters

This says 'fetch name of counter to use from @voipcounters, with
'udp sport/udp dport' as search key'.

But with just two counters it's not worth it.
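
The map and the two rules from the reply above, placed in a complete ruleset file with the named counter objects the map refers to. This is an added example, not part of the original message: the table name voipacct, the forward hook and the address 192.0.2.10 are assumptions chosen for illustration.

```nft
# Added example. Table name, hook and address are assumptions,
# not values from the thread.

define ipvoipbox = 192.0.2.10	# constructed address (TEST-NET-1)

table ip voipacct {
	# Named counter objects. The map values below are the names
	# of these objects, so they must exist in the same table.
	counter voip1 {
		packets 0 bytes 0
	}
	counter voip2 {
		packets 0 bytes 0
	}

	# Lookup key: a port number. Result: which named counter to bump.
	map voipcounters {
		type inet_service : counter
		elements = { 5160 : "voip1", 5161 : "voip2" }
	}

	chain forward {
		# Assumes the VoIP box is a separate host behind this router.
		type filter hook forward priority 0; policy accept;

		# Traffic from the box: the SIP port is the UDP source port.
		ip saddr $ipvoipbox counter name udp sport map @voipcounters

		# Traffic to the box: the SIP port is the UDP destination port.
		ip daddr $ipvoipbox counter name udp dport map @voipcounters

		# A UDP port that is not a key in the map yields no counter,
		# so such packets are not counted by either rule.
	}
}
```

Load the file with `nft -f` and read a single counter with `nft list counter ip voipacct voip1`. Both directions of one SIP stream land in the same counter, because both rules resolve the port through the same map.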