blob: 9134673cf48a10c20f263051320a82cc15816bdd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
table ip dynset {
map dynmark {
typeof ip daddr : meta mark
size 64
counter
timeout 5m
}
chain test_ping {
ip saddr @dynmark counter packets 0 bytes 0 comment "should not increment"
ip saddr != @dynmark add @dynmark { ip saddr : 0x00000001 } counter packets 1 bytes 84
ip saddr @dynmark counter packets 1 bytes 84 comment "should increment"
ip saddr @dynmark delete @dynmark { ip saddr : 0x00000001 }
ip saddr @dynmark counter packets 0 bytes 0 comment "delete should be instant but might fail under memory pressure"
}
chain input {
type filter hook input priority filter; policy accept;
add @dynmark { 10.2.3.4 timeout 1s : 0x00000002 } comment "also check timeout-gc"
meta l4proto icmp ip daddr 127.0.0.42 jump test_ping
}
}
|