Hi Florian,
On Wed, Nov 20, 2024 at 11:02:16AM +0100, Florian Westphal wrote:
> Honor --debug=netlink flag also when doing initial set dump
> from the kernel.
>
> With recent libnftnl update this will include the chosen
> set backend name that is used by the kernel.
>
> Because set names are scoped by table and protocol family,
> also include the family protocol number.
>
> Dumping this information breaks tests/py as the recorded
> debug output no longer matches, this is fixed in previous
> change.
table ip x {
set y {
type ipv4_addr
size 256 # count 128
...
We have to exposed the number of elements counter. I think this can be
exposed if set declaration provides size (or default size is used).
And update nftables manpage:
"When listing the set, the element count is larger than the listed
number of elements for sets: the number of elements in the set is
updated when elements added/deleted to the set and periodically when
the garbage collector evicts the timed out elements."
P.S: Yes, I changed my mind on this :)
