authorJozsef Kadlecsik <>2020-03-09 12:01:42 +0100
committerJozsef Kadlecsik <>2020-03-09 12:01:42 +0100
Introduce --update-counters-first flag for the set target
Stefano Brivio reported that the patch 'netfilter: ipset: Fix "don't update counters" mode when counters used at the matching' changed the semantic of when the counters are updated. Before the patch the counters were updated regardless of the results of the counter matches, after the patch the counters were updated only if the counter match conditions (if specified) matched the packet. In order to handle both ways, the --update-counters-first flag is introduced: when the flag is specified, the counters are updated before checking the counter match conditions. Without the flag the current evaluation path (i.e. update only if counter conditions match) works. Signed-off-by: Jozsef Kadlecsik <>
