<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - add elements with counter to dynamic sets with"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1411">1411</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>add elements with counter to dynamic sets with
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>x86_64
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>nft
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>karel@unitednetworks.cz
</td>
</tr></table>
<p>
<div>
<pre>Few years ago I have proposed hit counters to set items:
<a class="bz_bug_link
bz_status_ASSIGNED "
title="ASSIGNED - counter flag proposal for sets and maps"
href="show_bug.cgi?id=1185">https://bugzilla.netfilter.org/show_bug.cgi?id=1185</a>
Now when we have dynamic sets that replaced meters, and lookups are already
allowed for these sets, maybe it is a time to add "hit" counters in set items,
which will increase by 1 when lookup is successful.
Meters (dynamic sets) already have "add/update" counters, so you can see how
many times given item was added/updated. But when you add this item manually
and not from packet path, this counter is missing:
**********************
# setup dynamic set
nft add table t
nft add chain t c { type filter hook input priority 0\; }
nft add set t dynset { type ipv4_addr\; flags dynamic\; }
nft add rule t c add @dynset { ip saddr counter }
# ping 8.8.8.8
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=6.05 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=50 time=5.05 ms
^C
# list dynamic set, see "add" counter
nft list set t dynset
table ip t {
set dynset {
type ipv4_addr
size 65535
flags dynamic
elements = { 8.8.8.8 counter packets 2 bytes 168 }
}
}
# now add set item manually
nft add element t dynset { 8.8.4.4 }
# ping 8.8.4.4
ping 8.8.4.4
PING 8.8.4.4 (8.8.4.4) 56(84) bytes of data.
64 bytes from 8.8.4.4: icmp_seq=1 ttl=50 time=4.91 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=50 time=6.70 ms
^C
# and list dynamic set again, see counter is missing from manually added item
nft list set t dynset
table ip t {
set dynset {
type ipv4_addr
size 65535
flags dynamic
elements = { 8.8.4.4, 8.8.8.8 counter packets 2 bytes 168 }
}
}
**********************
For me it looks like inconsistency. Manually added items should have counters
too. So all elements in dynamic sets should have "add/update" counters
regardless of how they were added to set (from packet path or manually).
And I am again proposing "hit" counters to set items, maybe with flag
"counter".
Actually ideal solution would be to have two counter set/map flags:
hit counter - +1 when successful lookup
add counter - +1 when add/update (regardless if manually or from packet path)
It would apply to all sets/maps, not even dynamic ones.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>