diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-28 16:23:25 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-28 16:48:22 +0100 |
commit | 2b41e3c411f5367ee4da5153147c2586e71dfa9d (patch) | |
tree | 201eb5dba8f5cb309991684b34bdc3847127c7b1 /src/scanner.l | |
parent | ddb962604cda323f15589f3b424c4618db7494de (diff) |
src: add last statement
This new statement allows you to know how long ago there was a matching
packet.
# nft list ruleset
table ip x {
chain y {
[...]
ip protocol icmp last used 49m54s884ms counter packets 1 bytes 64
}
}
if this statement never sees a packet, then the listing says:
ip protocol icmp last used never counter packets 0 bytes 0
Add tests/py in this patch too.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/scanner.l')
-rw-r--r-- | src/scanner.l | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/scanner.l b/src/scanner.l index bc5b5b62..15ca3d46 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -206,6 +206,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %s SCANSTATE_IGMP %s SCANSTATE_IP %s SCANSTATE_IP6 +%s SCANSTATE_LAST %s SCANSTATE_LIMIT %s SCANSTATE_META %s SCANSTATE_POLICY @@ -402,6 +403,11 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) <SCANSTATE_COUNTER,SCANSTATE_CT,SCANSTATE_LIMIT>"packets" { return PACKETS; } <SCANSTATE_COUNTER,SCANSTATE_CT,SCANSTATE_LIMIT,SCANSTATE_QUOTA>"bytes" { return BYTES; } +"last" { scanner_push_start_cond(yyscanner, SCANSTATE_LAST); return LAST; } +<SCANSTATE_LAST>{ + "never" { return NEVER; } +} + <SCANSTATE_CMD_LIST,SCANSTATE_CMD_RESET>{ "counters" { return COUNTERS; } "quotas" { return QUOTAS; } @@ -437,10 +443,11 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "quota" { scanner_push_start_cond(yyscanner, SCANSTATE_QUOTA); return QUOTA; } <SCANSTATE_QUOTA>{ - "used" { return USED; } "until" { return UNTIL; } } +<SCANSTATE_QUOTA,SCANSTATE_LAST>"used" { return USED; } + "hour" { return HOUR; } "day" { return DAY; } |