[Bug 1401] New: Discretely resetting anonymous counters is impossible
bugzilla-daemon at netfilter.org
Tue Jan 28 21:40:05 CET 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1401
Bug ID: 1401
Summary: Discretely resetting anonymous counters is impossible
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: kfm at plushkava.net
As compared to iptables, this is the most surprising limitation of nftables
that I've encountered yet. Per the summary, there appears to be no way of
resetting anonymous counters.
I'm aware of the existence of named counters and that's a fine feature.
However, the use of named counters adds unnecessary complexity to rulesets that
would otherwise have no need of them. I realise that the design of nftables
might not lend itself as well to working with anonymous counters, but to anyone
familiar with iptables -Z, this would seem like a significant feature
omission.
As an aside, the documentation for the functionality that currently is
supported is unclear. The grammar for the reset verb is described as:
{add | delete | list | reset} type [family] table object
It took some trial and error on my part to realise that "nft reset counters" is
actually a supported command, although it only works for named counters. Here
are the issues with the man page:
• it makes it look as though table and object are mandatory (but they are not)
• it does not make it apparent that "counters" is supported as the type
In fact, there are only two incidences of the word, counters, in the entire man
page. One of these is in reference to the "list counters" command and the
other is in an incidental sentence concerning the "monitor ruleset" command.
My enhancement request is as follows:
• "nft reset counters" resets all counters (not just the named ones)
• "nft reset counters [family] table" resets anonymous counters in the given
table
• "nft reset counters [family] table object" resets anonymous counters in the
given chain object
• if possible, add a means to reset the anonymous counters of a given rule
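Added example, not part of the original report and not nftables code: a small audit script that separates named counters from anonymous per-rule counters, i.e. the ones the report says "nft reset counters" does not reach. It assumes the JSON layout of `nft -j list ruleset` as documented in libnftables-json(5); the sample ruleset and the function name classify_counters are constructed for illustration.

```python
import json

# Constructed sample, assumed to follow the `nft -j list ruleset` layout
# documented in libnftables-json(5); it is not output captured from a real host.
SAMPLE = json.loads("""
{"nftables": [
 {"table": {"family": "inet", "name": "filter", "handle": 1}},
 {"counter": {"family": "inet", "table": "filter", "name": "ssh_in",
              "handle": 2, "packets": 12, "bytes": 720}},
 {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 3}},
 {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 4,
           "expr": [{"counter": "ssh_in"}, {"accept": null}]}},
 {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 5,
           "expr": [{"counter": {"packets": 40, "bytes": 2400}},
                    {"drop": null}]}}
]}
""")


def classify_counters(ruleset):
    """Return (named, anonymous) counters found in a parsed ruleset."""
    named, anonymous = [], []
    for item in ruleset.get("nftables", []):
        obj = item.get("counter")
        if isinstance(obj, dict):
            # Top-level counter object: a named counter.
            named.append((obj["family"], obj["table"], obj["name"]))
        rule = item.get("rule")
        if not isinstance(rule, dict):
            continue
        for expr in rule.get("expr", []):
            ctr = expr.get("counter") if isinstance(expr, dict) else None
            # A string here references a named counter; an object with its
            # own packets/bytes is an anonymous, per-rule counter.
            if isinstance(ctr, dict):
                anonymous.append((rule["family"], rule["table"], rule["chain"],
                                  rule["handle"], ctr["packets"], ctr["bytes"]))
    return named, anonymous


if __name__ == "__main__":
    named, anonymous = classify_counters(SAMPLE)
    print("named counters:", named)
    for fam, table, chain, handle, pkts, nbytes in anonymous:
        print(f"anonymous counter: {fam} {table} {chain} handle {handle} "
              f"packets {pkts} bytes {nbytes}")
```

On a live system the same function can be fed the parsed output of `nft -j list ruleset` to see which rules would need converting to named counters before their counts can be reset.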