On Fri, Jan 13, 2017 at 12:50:58PM -0200, Elise Lennion wrote:
> Currently only counter and quota have stateful information.
>
> Standard list ruleset:
>
> table ip x {
> chain y {
> type filter hook output priority 0; policy accept;
> tcp dport https counter packets 149 bytes 10085
> tcp dport https quota 1025 mbytes used 9 kbytes
> }
> }
>
> With stateless option, -s:
>
> table ip x {
> chain y {
> type filter hook output priority 0; policy accept;
> tcp dport https counter
> tcp dport https quota 1025 mbytes
> }
> }
This looks fine.
But you also have to update obj_print_data().
Stateful objects is a new thing, so please make sure you run a fresh
kernel, latest libnftnl and nft. You have examples here:
http://marc.info/?l=netfilter-devel&m=148029128323837&w=2
Note: For stateful counter with a name, at this stage, probably best
thing is to display 0 both for packets and bytes instead of removing
them, ie.
# nft list counters
table ip filter {
counter http-traffic {
packets 0 bytes 0
}
}
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
