diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-03-06 17:48:58 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-03-12 23:35:33 +0100 |
commit | b8f8ddfff7335d3a8bebf5d85085974ae36f4099 (patch) | |
tree | a7308bfb5a5a5de4397ab88de2bbddf9d53c0a14 /tests/shell/testcases/sets/dumps/0038meter_list_0.json-nft | |
parent | e828d933424470b495feb841b67b70ba216e8ecb (diff) |
evaluate: translate meter into dynamic set
129f9d153279 ("nft: migrate man page examples with `meter` directive to
sets") already replaced meters by dynamic sets.
This patch removes NFT_SET_ANONYMOUS flag from the implicit set that is
instantiated via meter, so the listing shows a dynamic set instead which
is the recommended approach these days.
Therefore, a batch like this:
add table t
add chain t c
add rule t c tcp dport 80 meter m size 128 { ip saddr timeout 1s limit rate 10/second }
gets translated to a dynamic set:
table ip t {
set m {
type ipv4_addr
size 128
flags dynamic,timeout
}
chain c {
tcp dport 80 update @m { ip saddr timeout 1s limit rate 10/second burst 5 packets }
}
}
Check for NFT_SET_ANONYMOUS flag is also relaxed for list and flush
meter commands:
# nft list meter ip t m
table ip t {
set m {
type ipv4_addr
size 128
flags dynamic,timeout
}
}
# nft flush meter ip t m
As a side effect the legacy 'list meter' and 'flush meter' commands allow
to flush a dynamic set to retain backward compatibility.
This patch updates testcases/sets/0022type_selective_flush_0 and
testcases/sets/0038meter_list_0 as well as the json output which now
uses the dynamic set representation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/sets/dumps/0038meter_list_0.json-nft')
-rw-r--r-- | tests/shell/testcases/sets/dumps/0038meter_list_0.json-nft | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/tests/shell/testcases/sets/dumps/0038meter_list_0.json-nft b/tests/shell/testcases/sets/dumps/0038meter_list_0.json-nft index be24687c..853fb5e3 100644 --- a/tests/shell/testcases/sets/dumps/0038meter_list_0.json-nft +++ b/tests/shell/testcases/sets/dumps/0038meter_list_0.json-nft @@ -29,6 +29,19 @@ } }, { + "set": { + "family": "ip", + "name": "m", + "table": "t", + "type": "ipv4_addr", + "handle": 0, + "size": 128, + "flags": [ + "dynamic" + ] + } + }, + { "chain": { "family": "ip", "table": "t", @@ -56,22 +69,24 @@ } }, { - "meter": { - "key": { + "set": { + "op": "add", + "elem": { "payload": { "protocol": "ip", "field": "saddr" } }, - "stmt": { - "limit": { - "rate": 10, - "burst": 5, - "per": "second" + "set": "@m", + "stmt": [ + { + "limit": { + "rate": 10, + "burst": 5, + "per": "second" + } } - }, - "size": 128, - "name": "m" + ] } } ] |