Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> * List existing named counters:
>
> # nft lists counters
> table ip filter {
>         counter tcp-counter {
>                 packets 6086 bytes 6278052
>         }
>         counter udp-counter {
>                 packets 272 bytes 64690
>         }
>         counter icmp-counter {
>                 packets 10 bytes 840
>         }
> }

So if we extend this scheme to all (stateful) expressions we'll have to
add 'nft list limits' (or whatever).

Do you think it makes sense to represent this in a more generic fashion?

nft list tables
nft list chains

Maybe add

nft list expressions

?

> The snippet below shows a simplistic configuration to account tcp, udp
> and icmp traffic through the named counter:
>
> -o-
> table ip filter {
>         counter tcp-counter {
>                 packets 6086 bytes 6278052
>         }

So this could f.e. look like

expression tcp-counter {
        counter packets 6086 bytes 6278052
}

(and tcp-counter is just some identifier).

> support named limits. I have another (incomplete) patch that allows to
> update the named expressions parameters, this can be useful to
> dynamically update the ratelimiting policies, the command line should
> look like:
>
> # nft update limit name user01234 rate 250 mbytes/day

nft update expression user01234 rate 250 mbytes/day

(or perhaps

nft update expression user01234 limit rate 250 mbytes/day

not sure if we want to allow replacing the (internal) expression stored
in a named expression with a different one....)