[Bug 1314] nft reset quotas does not reset anonymous quotas

bugzilla-daemon at netfilter.org
Mon Jul 15 13:34:12 CEST 2019


https://bugzilla.netfilter.org/show_bug.cgi?id=1314

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |pablo at netfilter.org

--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Florian Westphal from comment #1)
> (In reply to Daniel from comment #0)
> > Supposing that I have a quota myquota, then
> > 
> > meta mark 0x123 quota named myquota
> > 
> > will count the packets, and "nft reset quotas" will reset the quota.
> > 
> > Suppose instead I want to use an anonymous quota to drop packets
> > 
> > meta mark 0x123 quota over 1500 mbytes drop
> > 
> > works, but "nft reset quotas" DOES NOT reset the quota.
> 
> Pablo, any suggestion?
> I think that resetting anon counter/quotas too makes sense,
> at least I'd expect it to work that way.
> 
> I can have a look at this, just let me know if you agree with resetting
> the anon ones too.

This probably requires a new command, since NFT_MSG_GETOBJ_RESET assumes there
is an object in place.

This new anonymous object cannot be listed, so you cannot dump its content. So
you cannot inspect stateful information for this anonymous quota.

@Daniel: What prevents you from defining a named quota to achieve what you
need?
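
The named-quota setup that the question above refers to, as an added example that is not part of the original message. The table and chain names, the hook and the priority are assumptions; the mark and the 1500 mbytes limit come from the report.

```nftables
# Added example; table "filter", chain "input" and the hook are assumed names.
table inet filter {
    # Named quota object: it exists independently of any rule, so it can be
    # listed, dumped and reset by name.
    quota myquota {
        over 1500 mbytes
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # The quota expression matches once marked traffic exceeds
        # 1500 mbytes; from then on matching packets are dropped.
        meta mark 0x123 quota name "myquota" drop
    }
}

# Inspect the consumed bytes:   nft list quotas
# Reset every named quota:      nft reset quotas
# Reset only this one:          nft reset quota inet filter myquota
```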
