Comments (1)
turekt
commented on May 18, 2024
Hi @ProjectIcarusX,
from the following output:
$ nft add table inet quota_demo
$ nft --debug=mnl add quota inet quota_demo q_test { over 100 mbytes \; comment "test" }
---------------- ------------------
| 0000000020 | | message length |
| 02576 | R--- | | type | flags |
| 0000000000 | | sequence number|
| 0000000000 | | port ID |
---------------- ------------------
| 00 00 00 00 | | extra header |
---------------- ------------------
---------------- ------------------
| 0000000020 | | message length |
| 02561 | R--- | | type | flags |
| 0000000000 | | sequence number|
| 0000000000 | | port ID |
---------------- ------------------
| 00 00 00 00 | | extra header |
---------------- ------------------
---------------- ------------------
| 0000000020 | | message length |
| 02576 | R--- | | type | flags |
| 0000000000 | | sequence number|
| 0000000000 | | port ID |
---------------- ------------------
| 00 00 00 00 | | extra header |
---------------- ------------------
---------------- ------------------
| 0000000020 | | message length |
| 00016 | R--- | | type | flags |
| 0000000000 | | sequence number|
| 0000000000 | | port ID |
---------------- ------------------
| 00 00 00 0a | | extra header |
---------------- ------------------
---------------- ------------------
| 0000000104 | | message length |
| 02578 | R--- | | type | flags |
| 0000000001 | | sequence number|
| 0000000000 | | port ID |
---------------- ------------------
| 01 00 00 00 | | extra header |
|00015|--|00001| |len |flags| type|
| 71 75 6f 74 | | data | q u o t
| 61 5f 64 65 | | data | a _ d e
| 6d 6f 00 00 | | data | m o
|00011|--|00002| |len |flags| type|
| 71 5f 74 65 | | data | q _ t e
| 73 74 00 00 | | data | s t
|00008|--|00003| |len |flags| type|
| 00 00 00 02 | | data |
|00011|--|00008| |len |flags| type|
| 00 05 74 65 | | data | t e
| 73 74 00 00 | | data | s t
|00036|N-|00004| |len |flags| type|
|00012|--|00001| |len |flags| type|
| 00 00 00 00 | | data |
| 06 40 00 00 | | data | @
|00012|--|00004| |len |flags| type|
| 00 00 00 00 | | data |
| 00 00 00 00 | | data |
|00008|--|00002| |len |flags| type|
| 00 00 00 01 | | data |
---------------- ------------------
---------------- ------------------
| 0000000020 | | message length |
| 00017 | R--- | | type | flags |
| 0000000002 | | sequence number|
| 0000000000 | | port ID |
---------------- ------------------
| 00 00 00 0a | | extra header |
---------------- ------------------
The netlink message corresponds to nft_object_attributes as specified here:
https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=3eaa940bc33a3186dc7ba1e30640ec79b5f261b9#n1637
Dissection of the netlink message:
|00015|--|00001| quota_demo\x00\x00 --> NFTA_OBJ_TABLE
|00011|--|00002| q_test\x00\x00 --> NFTA_OBJ_NAME
|00008|--|00003| \x00\x00\x00\x02 --> NFTA_OBJ_TYPE (value 2 = NFT_OBJECT_QUOTA)
|00011|--|00008| \x00\x05test\x00\x00 --> NFTA_OBJ_USERDATA (TLV struct for quota name)
|00036|N-|00004| --> NFTA_OBJ_DATA (NLA_NESTED, holds nft_quota_attributes struct)
|00012|--|00001| \x00\x00\x00\x00\x06\x40\x00\x00 --> NFTA_QUOTA_BYTES (0x06400000 = 104857600 B = 100 MB)
|00012|--|00004| \x00\x00\x00\x00\x00\x00\x00\x00 --> NFTA_QUOTA_CONSUMED (0)
|00008|--|00002| \x00\x00\x00\x01 --> NFTA_QUOTA_FLAGS (1 = NFT_QUOTA_F_INV)
---------------- ------------------
As far as I see in the nftables Go code, this expression is not currently implemented. You can implement it and send a PR if you want, otherwise I can look into it in the next few weeks.
from nftables.
Related Issues (20)
- Anonymous time collection problem HOT 10
- Please consider create a release/tag HOT 1
- Alignment issues on 32-bit archs: TestAlignedBuff32 & TestAlignedBuffInt32 failures HOT 9
- Test failures on s390x: endianness problems? HOT 11
- Reason for not wrapping libnftnl/libmnl. HOT 1
- GetRules lost expr.Masq HOT 1
- nftables go dynset implementation will not work with libnftnl versions <1.1.9 HOT 1
- High
- Feature: add support for monitor HOT 6
- AddSet IPv4 wrong byte order on Ubuntu 22.04 HOT 8
- Rule Handle not updated after InsertRule even using Flush. HOT 4
- Not all response messages are received causing the receive buffer to overflow HOT 8
- BUG: block in Conn.Flush() HOT 4
- How to get an error when try to add an existed table?
- Adding rules in code produces different results and logs than the rules I added directly from the command line HOT 6
- Use a CIDR prefix as target in a NAT rule HOT 3
- Troubleshooting NFTables Table Creation with Go HOT 2
- Objects implementation refactor HOT 1
- Broken deps HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nftables.