[Bug 1401] New: Discretely resetting anonymous counters is impossible

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Jan 28 21:40:05 CET 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1401

            Bug ID: 1401
           Summary: Discretely resetting anonymous counters is impossible
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

As compared to iptables, this is the most surprising limitation of nftables
that I've encountered yet. Per the summary, there appears to be no way of
resetting anonymous counters.

I'm aware of the existence of named counters and that's a fine feature.
However, the use of named counters adds unnecessary complexity to rulesets that
would otherwise have no need of them. I realise that the design of nftables
might not lend itself as well to working with anonymous counters, but to anyone
familiar with iptables -Z, this would seem like a significant feature
omission.

As an aside, the documentation for the functionality that currently is
supported is unclear. The grammar for the reset verb is described as:

  {add | delete | list | reset} type [family] table object

It took some trial and error on my part to realise that "nft reset counters" is
actually a supported command, although it only works for named counters. Here
are the issues with the man page:

• it makes it look as though table and object are mandatory (but they are not)
• it does not make it apparent that "counters" is supported as the type

In fact, there are only two incidences of the word, counters, in the entire man
page. One of these is in reference to the "list counters" command and the
other is in an incidental sentence concerning the "monitor ruleset" command.

My enhancement request is as follows:

• "nft reset counters" resets all counters (not just the named ones)
• "nft reset counters [family] table" resets anonymous counters in the given
table
• "nft reset counters [family] table object" resets anonymous counters in the
given chain object
• if possible, add a means to reset the anonymous counters of a given rule
