src: support for restoring element counters

This patch allows you to restore counters in dynamic sets: table ip test { set test { type ipv4_addr size 65535 flags dynamic,timeout timeout 30d gc-interval 1d elements = { 192.168.10.13 expires 19d23h52m27s576ms counter packets 51 bytes 17265 } } chain output { type filter hook output priority 0; update @test { ip saddr } } } You can also add counters to elements from the control place, ie. table ip test { set test { type ipv4_addr size 65535 elements = { 192.168.2.1 counter packets 75 bytes 19043 } } chain output { type filter hook output priority filter; policy accept; ip daddr @test } } Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2020-03-11 13:00:01 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-03-18 19:10:02 +0100
commit: 1fe6089ddd87ee7869d24c0f8849951220cc9b85 (patch)
tree: 5d46d6d74efac46d27e0605c1b50cb7ac08620db /src/netlink.c
parent: 3f3e897f429659ff6c8387245d0d4115952a6c31 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 671923f3..e10af564 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -138,6 +138,9 @@ static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set,
 	if (elem->expiration)
 		nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_EXPIRATION,
 				       elem->expiration);
+	if (elem->stmt)
+		nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_EXPR,
+				   netlink_gen_stmt_stateful(elem->stmt), 0);
 	if (elem->comment || expr->elem_flags) {
 		udbuf = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN);
 		if (!udbuf)
author	Pablo Neira Ayuso <pablo@netfilter.org>	2020-03-11 13:00:01 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-03-18 19:10:02 +0100
commit	1fe6089ddd87ee7869d24c0f8849951220cc9b85 (patch)
tree	5d46d6d74efac46d27e0605c1b50cb7ac08620db /src/netlink.c
parent	3f3e897f429659ff6c8387245d0d4115952a6c31 (diff)