[Bug 1185] counter flag proposal for sets and maps

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Oct 17 12:53:12 CEST 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1185

--- Comment #6 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Karel Rericha from comment #5)
> (In reply to Pablo Neira Ayuso from comment #4)
> > (In reply to Karel Rericha from comment #3)
> > > Actually on second thought I just want to know, how many times set or map
> > > element was hit.
> > 
> > I see. So it would be a global counter for this set/map that updated if an
> > element lookup succeeds.
> > 
> > Right?
> 
> No, separate counter for each element. Definition could look like:
> 
> table x {
>     chain y {
>         ...
>         set s {
>             type ipv4_addr . type ipv4_addr; flags counter;
>         }
> 
>         map m {
>             type inet_service : ipv4_addr; flags counter;
>         }
>     }
> }

OK, we can do this via anonymous stateful objects, needs to be implemented.

We can also support it with maps like this, proposed syntax (please suggest any
better if you like):

         map m {
             type inet_service : ipv4_addr, counter;
         }

Where the counter is an anonymous stateful object.

Semantics would be:

1) Look up for inet_service key.
2) If found, bump counter and then fetch ipv4_addr in the mapping.

Let me know.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171017/59011c1a/attachment.html>


More information about the netfilter-buglog mailing list