bugzilla-daemon at netfilter.org
2018-Dec-31 21:52 UTC
[Bug 1315] New: Does not seem to be a way to use a named quota to make decisions in a rule
https://bugzilla.netfilter.org/show_bug.cgi?id=1315

            Bug ID: 1315
           Summary: Does not seem to be a way to use a named quota to make decisions in a rule
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: dlakelan at street-artists.org

Suppose I want to use a named quota to make decisions about what to do with packets:

    table inet foo {
       quota myquota {1000 mbytes used 0 bytes}

       chain foochain{
          meta mark 0x123 quota named myquota comment "count packets with a certain mark"
          meta mark 0x123 quota myquota over 1000 mbytes drop
       }
    }

The attempt to use the named quota doesn't work. I'm not sure if this is a parser bug or a feature that doesn't work or what, but if I use:

    meta mark 0x123 quota over 1000 mbytes drop

it will create an anonymous quota and I can drop the packets (but see https://bugzilla.netfilter.org/show_bug.cgi?id=1314 for a bug related to anonymous quotas), but I can't seem to invoke the use of the named quota using any syntax.

It seems like using a named quota should be possible here, and it's the only way to have a single quota influenced by multiple rules. If there is a syntax that works it is not documented (and if it can be described here I'm happy to edit the wiki and document it).
bugzilla-daemon at netfilter.org
2019-Jul-14 09:31 UTC
[Bug 1315] Does not seem to be a way to use a named quota to make decisions in a rule
https://bugzilla.netfilter.org/show_bug.cgi?id=1315

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to Daniel from comment #0)
> Suppose I want to use a named quota to make decisions about what to do with
> packets:
>
> table inet foo {
>    quota myquota {1000 mbytes used 0 bytes}
>
>
>    chain foochain{
>       meta mark 0x123 quota named myquota comment "count packets with a
> certain mark"
>       meta mark 0x123 quota myquota over 1000 mbytes drop
>    }
> }

This should work:

    table inet foo {
        quota myquota {
            over 1000 mbytes
        }

        chain foochain {
            meta mark 0x00000123 quota name "myquota" drop comment "count packets with a certain mark"
        }
    }
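The syntax from the reply above, extended to the case the report asks about (one quota shared by several rules), as an added example that is not part of the original thread. The table, chain and quota names follow the thread; the second mark value 0x456 is hypothetical.

```nft
# Added example, not from the bug report. Names follow the thread;
# the mark 0x456 is a hypothetical second traffic class.
table inet foo {
	# One shared stateful object. With "over", a rule that references
	# the quota matches only after the consumed byte count has passed
	# the threshold.
	quota myquota {
		over 1000 mbytes
	}

	chain foochain {
		# Each evaluation of a reference adds the packet length to the
		# shared counter and then tests the threshold, so both marks
		# draw from the same 1000 mbytes and both are dropped once it
		# is exceeded.
		meta mark 0x123 quota name "myquota" drop
		meta mark 0x456 quota name "myquota" drop

		# A packet that reaches two references to the same quota is
		# accounted twice, so a separate "count only" rule in front
		# of the drop rule would double the measured usage.
	}
}
```

The consumed bytes can be read with `nft list quota inet foo myquota`, and `nft reset quota inet foo myquota` prints the object and zeroes its counter.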
bugzilla-daemon at netfilter.org
2020-Jul-22 15:55 UTC
[Bug 1315] Does not seem to be a way to use a named quota to make decisions in a rule
https://bugzilla.netfilter.org/show_bug.cgi?id=1315

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED