* nftables: counters in sets missing from nft --json output
@ 2021-01-14 12:43 Julian Somers
0 siblings, 0 replies; only message in thread
From: Julian Somers @ 2021-01-14 12:43 UTC (permalink / raw)
To: netfilter
Hello
I can see counters in my sets when I use `nft list` but not when I use
`nft --json list`
The counters are also missing when I use the nftables python libraries
to list the sets.
I have no problem getting named stateful counters with `nft --json
list ruleset` and with the python nft.cmd("list ruleset")
Is there any other machine readable way to get counters for set elements?
Many thanks!
julian@db-fw-a:~$ sudo nft list set inet filter to_databases
table inet filter {
set to_databases {
type ipv4_addr
size 65536
flags dynamic,timeout
timeout 1d
elements = { 172.16.98.8 expires 22h15m15s948ms counter packets
25275074 bytes 2244973824, 172.16.98.18 expires 6h43m52s400ms counter
packets 34 bytes 1440 }
}
}
julian@db-fw-a:~$ sudo nft --json list set inet filter to_databases |jq
{
"nftables": [
{
"metainfo": {
"version": "0.9.6",
"release_name": "Capital Idea #2",
"json_schema_version": 1
}
},
{
"set": {
"family": "inet",
"name": "to_databases",
"table": "filter",
"type": "ipv4_addr",
"handle": 8,
"size": 65536,
"flags": [
"timeout"
],
"timeout": 86400,
"elem": [
{
"elem": {
"val": "172.16.98.8",
"expires": 79987
}
},
{
"elem": {
"val": "172.16.98.18",
"expires": 24103
}
}
]
}
}
]
}
julian@db-fw-a:~$ sudo nft --json list counter inet filter ha-conntrack |jq
{
"nftables": [
{
"metainfo": {
"version": "0.9.6",
"release_name": "Capital Idea #2",
"json_schema_version": 1
}
},
{
"counter": {
"family": "inet",
"name": "ha-conntrack",
"table": "filter",
"handle": 4,
"packets": 70305,
"bytes": 3105800
}
}
]
}
I am using debian buster with nftables and python3-nftables from
buster-backports
julian@db-fw-a:~$ sudo dpkg -l | grep nftables
ii libnftables0:amd64 0.9.0-2
amd64 Netfilter nftables high level userspace API library
ii libnftables1:amd64 0.9.6-1~bpo10+1
amd64 Netfilter nftables high level userspace API library
ii libnftnl11:amd64 1.1.7-1~bpo10+1
amd64 Netfilter nftables userspace API library
ii nftables 0.9.6-1~bpo10+1
amd64 Program to control packet filtering rules by Netfilter
project
ii python3-nftables 0.9.6-1~bpo10+1
amd64 nftables/libnftables python3 module
julian@db-fw-a:~$ uname -a
Linux db-fw-a 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
x86_64 GNU/Linux
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-01-14 12:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-14 12:43 nftables: counters in sets missing from nft --json output Julian Somers
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.