On Mon, Jan 12, 2015 at 12:48:35PM +0100, Arturo Borrero Gonzalez wrote:
> On 12 January 2015 at 11:55, <ana@xxxxxxxxx> wrote:
> >
> > table ip filter {
> >         acct http-traffic { pkts 779 bytes 99495}
> >         acct https-traffic { pkts 189 bytes 37824}
> >
> >         chain output {
> >                 type filter hook output priority 0;
> >                 tcp dport http acct http-traffic
> >                 tcp dport https acct https-traffic
> >         }
> > }
> >
>
> Interesting, Ana!
>
> I understand that acct objects are bounded to a table/family.
> Why not make them globals? So we could increment same counters from
> different families/tables.

Indeed. The existing binding between acct and tables is superfluous.
With sets, we need that to check for loops in verdict maps.

So counters can become also top-level identifier as it happens with
tables, ie.

counters {
        http-traffic { pkts 779 bytes 99495}
        acct https-traffic { pkts 189 bytes 37824}
}

table ip filter {
        chain output {
                type filter hook output priority 0;
                tcp dport http counter http-traffic
                tcp dport https counter https-traffic
        }
}

Patrick, any comment on that?