src: print count variable in normal set listings

Also print the number of allocated set elements if the set provided
an upper size limit and there is at least one element.

Example:

table ip t {
   set s {
       type ipv4_addr
       size 65535      # count 1
       flags dynamic
       counter
       elements = { 1.1.1.1 counter packets 1 bytes 11 }
   }
   ...

JSON output is unchanged as this only has informational purposes.

This change breaks tests, followup patch addresses this.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/include/rule.h b/include/rule.h
index 655d6abaf5fae86051fe3f68a9119d238e61b636..470ae10754ba59dcd4feba8f843f23449814165b 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -321,6 +321,7 @@ void rule_stmt_insert_at(struct rule *rule, struct stmt *nstmt,
  * @refcnt:    reference count
  * @flags:     bitmask of set flags
  * @gc_int:    garbage collection interval
+ * @count:     count of kernel-allocated elements
  * @timeout:   default timeout value
  * @key:       key expression (data type, length))
  * @data:      mapping data expression
@@ -345,6 +346,7 @@ struct set {
        unsigned int            refcnt;
        uint32_t                flags;
        uint32_t                gc_int;
+       uint32_t                count;
        uint64_t                timeout;
        struct expr             *key;
        struct expr             *data;

diff --git a/src/netlink.c b/src/netlink.c
index 68f1b90c0a056d99f5e28d3e8c9321a51221dbd1..b5c092b499036cb89cea5a50d3893549a8ffa37f 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1139,6 +1139,9 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
        if (nftnl_set_is_set(nls, NFTNL_SET_DESC_SIZE))
                set->desc.size = nftnl_set_get_u32(nls, NFTNL_SET_DESC_SIZE);
 
+       if (nftnl_set_is_set(nls, NFTNL_SET_COUNT))
+               set->count = nftnl_set_get_u32(nls, NFTNL_SET_COUNT);
+
        if (nftnl_set_is_set(nls, NFTNL_SET_DESC_CONCAT)) {
                uint32_t len = NFT_REG32_COUNT;
                const uint8_t *data;

diff --git a/src/rule.c b/src/rule.c
index e2fe0979da3060a722314c31c697ba2b4851931b..0945d14a780e9fa9065cd51df191476b57f8f311 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -335,10 +335,13 @@ static void set_print_declaration(const struct set *set,
                }
 
                if (set->desc.size > 0) {
-                       nft_print(octx, "%s%ssize %u%s",
+                       nft_print(octx, "%s%ssize %u",
                                  opts->tab, opts->tab,
-                                 set->desc.size,
-                                 opts->stmt_separator);
+                                 set->desc.size);
+                       if (set->count > 0)
+                               nft_print(octx, "%s# count %u", opts->tab,
+                                         set->count);
+                       nft_print(octx, "%s", opts->stmt_separator);
                }
        }