From 1694df2de79f39c5037f82601e02226022b2e38f Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 14 Oct 2022 23:19:22 +0200 Subject: Implement 'reset rule' and 'reset rules' commands Reset rule counters and quotas in kernel, i.e. without having to reload them. Requires respective kernel patch to support NFT_MSG_GETRULE_RESET message type. Signed-off-by: Phil Sutter --- doc/libnftables-json.adoc | 2 +- doc/nft.txt | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc index d985149a..f4aea36e 100644 --- a/doc/libnftables-json.adoc +++ b/doc/libnftables-json.adoc @@ -175,7 +175,7 @@ kind, optionally filtered by *family* and for some, also *table*. ____ *{ "reset":* 'RESET_OBJECT' *}* -'RESET_OBJECT' := 'COUNTER' | 'COUNTERS' | 'QUOTA' | 'QUOTAS' +'RESET_OBJECT' := 'COUNTER' | 'COUNTERS' | 'QUOTA' | 'QUOTAS' | 'RULE' | 'RULES' ____ Reset state in suitable objects, i.e. zero their internal counter. diff --git a/doc/nft.txt b/doc/nft.txt index eb8df1d9..18c18468 100644 --- a/doc/nft.txt +++ b/doc/nft.txt @@ -481,7 +481,10 @@ RULES [verse] {*add* | *insert*} *rule* ['family'] 'table' 'chain' [*handle* 'handle' | *index* 'index'] 'statement' ... [*comment* 'comment'] *replace rule* ['family'] 'table' 'chain' *handle* 'handle' 'statement' ... [*comment* 'comment'] -*delete rule* ['family'] 'table' 'chain' *handle* 'handle' +{*delete* | *reset*} *rule* ['family'] 'table' 'chain' *handle* 'handle' +*reset rules* ['family'] +*reset rules* *table* ['family'] 'table' +*reset rules* *chain* ['family'] 'table' ['chain'] Rules are added to chains in the given table. If the family is not specified, the ip family is used. Rules are constructed from two kinds of components according 
@@ -509,6 +512,7 @@ case the rule is inserted after the specified rule. beginning of the chain or before the specified rule. *replace*:: Similar to *add*, but the rule replaces the specified rule. *delete*:: Delete the specified rule. +*reset*:: Reset rule-contained state, i.e. counter and quota statement values. .*add a rule to ip table output chain* ------------- -- cgit v1.2.3
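Review bot: In the doc/libnftables-json.adoc hunk, 'RESET_OBJECT' now accepts 'RULE' and 'RULES', but the unchanged description right below it still reads "Reset state in suitable objects, i.e. zero their internal counter.", which does not say what resetting a rule means. Suggest extending that sentence to state that for 'RULE' and 'RULES' the counter and quota statement values contained in the rules are reset, matching the wording this patch adds to doc/nft.txt.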
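Review bot: In the doc/nft.txt synopsis hunk (@@ -481,7 +481,10 @@), the line "*reset rules* *chain* ['family'] 'table' ['chain']" marks the chain name as optional after the *chain* keyword, and nothing in the patch says what the command does when it is omitted or how that differs from "*reset rules* *table* ['family'] 'table'". Either make 'chain' mandatory in the synopsis or document the behaviour of the form without it.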
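Review bot: In the doc/nft.txt description hunk (@@ -509,6 +512,7 @@), the new "*reset*::" entry explains only what state is reset and leaves two things undocumented: the scope of the three *reset rules* forms added to the synopsis (whole ruleset, one table, one chain), and the kernel requirement given in the commit message (support for the NFT_MSG_GETRULE_RESET message type). Suggest adding a sentence on each, so that a reader of the man page learns about the kernel dependency without having to read the commit log.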