Re: [PATCH nft] doc: remove references to timeout in reset command


On Tue, Oct 10, 2023 at 04:58:20PM +0200, Phil Sutter wrote:
> On Tue, Oct 10, 2023 at 04:48:13PM +0200, Florian Westphal wrote:
> > Phil Sutter <phil@xxxxxx> wrote:
> > > On Tue, Oct 10, 2023 at 04:27:04PM +0200, Pablo Neira Ayuso wrote:
> > > > After Linux kernel's patch ("netfilter: nf_tables: do not refresh
> > > > timeout when resetting element") timers are not reset anymore, update
> > > > documentation to keep this in sync.
> > > 
> > > How is limit statement being reset? The dump callbacks in nft_limit.c
> > > ignore the 'bool reset' parameter.
> > 
> > Was that deliberate?  I don't see why it would be exempt?
> One could reset internal tokens and last values, indeed. I don't see a
> patch pending to do that, though.

It should be easy to fix from kernel side, right? I can step in so
remaining NFT_EXPR_STATEFUL also implement this. I mean, otherwise we
might have to document that some kernels do not support reset, some
kernels support reset of counter and quota only and some kernels fully
support all of the stateful objects :)

> BTW: nft also does not support 'reset limit(s)'.

This can be done later from userspace. The reset for limit is a bit
special, because it currently does not expose state information from
the listing side.
