author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-28 16:23:25 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-28 16:48:22 +0100 |
commit | 2b41e3c411f5367ee4da5153147c2586e71dfa9d (patch) | |
tree | 201eb5dba8f5cb309991684b34bdc3847127c7b1 /src/statement.c | |
parent | ddb962604cda323f15589f3b424c4618db7494de (diff) |
src: add last statement
This new statement allows you to know how long ago there was a matching
packet.
# nft list ruleset
table ip x {
chain y {
[...]
ip protocol icmp last used 49m54s884ms counter packets 1 bytes 64
}
}
If this statement has never seen a packet, the listing says:
ip protocol icmp last used never counter packets 0 bytes 0
Add tests/py in this patch too.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/statement.c b/src/statement.c
index eafc51c4..72455522 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -249,6 +249,36 @@ struct stmt *counter_stmt_alloc(const struct location *loc)
 return stmt;
 }
 
+static void last_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
+{
+ nft_print(octx, "last");
+
+ if (nft_output_stateless(octx))
+ return;
+
+ nft_print(octx, " used ");
+
+ if (stmt->last.set)
+ time_print(stmt->last.used, octx);
+ else
+ nft_print(octx, "never");
+}
+
+static const struct stmt_ops last_stmt_ops = {
+ .type = STMT_LAST,
+ .name = "last",
+ .print = last_stmt_print,
+};
+
+struct stmt *last_stmt_alloc(const struct location *loc)
+{
+ struct stmt *stmt;
+
+ stmt = stmt_alloc(loc, &last_stmt_ops);
+ stmt->flags |= STMT_F_STATEFUL;
+ return stmt;
+}
+
 static const char *objref_type[NFT_OBJECT_MAX + 1] = {
 [NFT_OBJECT_COUNTER] = "counter",
 [NFT_OBJECT_QUOTA] = "quota", |
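Review bot: `last_stmt_print` branches on `stmt->last.set` and prints `stmt->last.used`, but `last_stmt_alloc` initialises neither field, so a freshly allocated statement prints `never` only if `stmt_alloc` returns zeroed memory, which this hunk does not show. If that holds (the `counter_stmt_alloc` tail in the context lines suggests the same pattern), a comment in `last_stmt_alloc` would record the dependency, e.g. `/* last.set and last.used stay zero from stmt_alloc(): prints "never" until a used time is filled in */`. The unit `time_print` expects for `last.used` is also not stated here; a one-line comment on that call, plus a note that the `used` part is runtime state deliberately omitted from stateless output, would help whoever fills the field from another file.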