Re: Sets update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Dňa Sun, 21 Jul 2024 10:58:30 +0100 "Kerin Millar" <kfm@xxxxxxxxxxxxx>
napísal:

> Mind you, it gets worse. While the nft utility supports a JSON output
> mode to ease parsing, its output is less accurate than the
> conventional output mode in so far as all "timeout" and "expires"
> values are truncated to integer seconds and conveyed as JSON integers.

Even worse, the JSON output lacks counters at all, the nft output:

    ...
    elements = { IP.AD.DR.ES last used never counter packets 0 bytes 0\
                     expires 1d23h36m40s340ms
    ...

But JSON output lacks counters:

    nft -j list set ... | jq '.nftables[] | select(.set != null).set.elem[0]'
    { "elem": {
        "val": "IP.AD.DR.ES",
        "expires": 171653,
        "last": null
      }
    }

And yes, error messages are more than cryptic... We was talking about
memory usage, and my first attempt to add/update list of ~2700 items
ended with "Out of memory" error. First i was shocked, 2700 items
consumes 6GB RAM??? It took some time to realize, that i had duplicate
IPs in list. Really not helpful error message, and one element per line
doesn't help with that...

regards

-- 
Slavko
https://www.slavino.sk

Attachment: pgpqpZYx_bmTC.pgp
Description: Digitálny podpis OpenPGP


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux