[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: A few questions concerning the "nft set" syntax
From:       Mikhail Morfikov <mmorfikov () gmail ! com>
Date:       2019-03-06 12:02:32
Message-ID: 1f362192-1280-f9f2-3836-ce68df0ba493 () gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


On 26/02/2019 16:54, Mikhail Morfikov wrote:
> I'm in the middle of reading nft manual concerning the "nft set" syntax, 
> and I wanted to ask a few questions to clarify some things I can't figure 
> out.
> 
> 1. What is the "mark" set type? I understand the other types, but I don't 
>    really know how would I use this one.
> 2. What are flags? There are "constant", "interval" and "timeout", but 
>    there's no info on what they do. So what's the difference between them?
> 3. There's a "timeout flag" and also a regular "timeout". What's the
>    difference between them?
> 4. In the case of "size", we can read the following: "maximun number of 
>    elements in the set, mandatory if set is added to from the packet path 
>    (ruleset)". What does "from the packet path (ruleset)" really mean?
> 5. The next thing is "policy", which can be one of "performance" and 
>    "memory". What does the policy do? The default is the fist one. What 
>    if I set the other one? What will change?
> 
> 
Any info on this?


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]