[PATCH v2 nftables 3/4] src: print count variable in normal set listings

Florian Westphal <fw@xxxxxxxxx> · Tue, 8 Apr 2025 16:21:31 +0200

Also print the number of allocated set elements if the set provided
an upper size limit and there is at least one element.

Example:

table ip t {
   set s {
       type ipv4_addr
       size 65535      # count 1
       flags dynamic
       counter
       elements = { 1.1.1.1 counter packets 1 bytes 11 }
   }
   ...

JSON output is unchanged as this only has informational purposes.

This change breaks tests, followup patch addresses this.

Suggested-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 include/rule.h | 2 ++
 src/netlink.c  | 3 +++
 src/rule.c     | 9 ++++++---
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/include/rule.h b/include/rule.h
index 85a0d9c0b524..5c8870032472 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -321,6 +321,7 @@ void rule_stmt_insert_at(struct rule *rule, struct stmt *nstmt,
  * @refcnt:	reference count
  * @flags:	bitmask of set flags
  * @gc_int:	garbage collection interval
+ * @count:	count of kernel-allocated elements
  * @timeout:	default timeout value
  * @key:	key expression (data type, length))
  * @data:	mapping data expression
@@ -345,6 +346,7 @@ struct set {
 	unsigned int		refcnt;
 	uint32_t		flags;
 	uint32_t		gc_int;
+	uint32_t		count;
 	uint64_t		timeout;
 	struct expr		*key;
 	struct expr		*data;
diff --git a/src/netlink.c b/src/netlink.c
index 98ec3cdba996..9b197f089d40 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1129,6 +1129,9 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
 	if (nftnl_set_is_set(nls, NFTNL_SET_DESC_SIZE))
 		set->desc.size = nftnl_set_get_u32(nls, NFTNL_SET_DESC_SIZE);
 
+	if (nftnl_set_is_set(nls, NFTNL_SET_COUNT))
+		set->count = nftnl_set_get_u32(nls, NFTNL_SET_COUNT);
+
 	if (nftnl_set_is_set(nls, NFTNL_SET_DESC_CONCAT)) {
 		uint32_t len = NFT_REG32_COUNT;
 		const uint8_t *data;
diff --git a/src/rule.c b/src/rule.c
index 80315837baf0..6af8d57eddb6 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -335,10 +335,13 @@ static void set_print_declaration(const struct set *set,
 		}
 
 		if (set->desc.size > 0) {
-			nft_print(octx, "%s%ssize %u%s",
+			nft_print(octx, "%s%ssize %u",
 				  opts->tab, opts->tab,
-				  set->desc.size,
-				  opts->stmt_separator);
+				  set->desc.size);
+			if (set->count > 0)
+				nft_print(octx, "%s# count %u", opts->tab,
+					  set->count);
+			nft_print(octx, "%s", opts->stmt_separator);
 		}
 	}
 
-- 
2.49.0








