[nft] src: allow to specify flowtable maximum size

Message ID 20180226083539.4294-1-pablo@netfilter.org
State Under Review
Delegated to: Pablo Neira
Series
  • [nft] src: allow to specify flowtable maximum size

Commit Message

Pablo Neira Ayuso Feb. 26, 2018, 8:35 a.m.
This patch allows us to specify the flowtable maximum size, e.g.:

 table ip x {
        flowtable f {
                hook ingress priority 10
                devices = { eth0, tap0 }
                size 100
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/rule.h     | 1 +
 src/netlink.c      | 3 +++
 src/parser_bison.y | 4 ++++
 src/rule.c         | 3 +++
 4 files changed, 11 insertions(+)

Patch

diff --git a/include/rule.h b/include/rule.h
index 92863c63d84a..fed5c83fd64a 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -330,6 +330,7 @@  struct flowtable {
 	const char		**dev_array;
 	struct expr		*dev_expr;
 	int			dev_array_len;
+	uint32_t		size;
 	unsigned int		refcnt;
 };
 
diff --git a/src/netlink.c b/src/netlink.c
index 9e73ea631572..e3ff0bf0a69e 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1813,6 +1813,7 @@  int netlink_add_flowtable(struct netlink_ctx *ctx, const struct handle *h,
 	flo = alloc_nftnl_flowtable(h, ft);
 	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM, ft->hooknum);
 	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, ft->priority);
+	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_SIZE, ft->size);
 
 	list_for_each_entry(expr, &ft->dev_expr->expressions, list)
 		dev_array[i++] = expr->identifier;
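Review bot: The new `nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_SIZE, ft->size);` call runs even when the ruleset has no `size` statement, so an unset limit is sent to the kernel as an explicit 0 (assuming the struct is zero-initialised where it is allocated, which is not visible here). The printing hunk in src/rule.c treats 0 as "not configured", so the send path should agree: putting `if (ft->size)` in front of the setter keeps the attribute out of the message unless a limit was requested. How the kernel interprets a zero size is not shown on this page and is worth confirming before merging. netlink_add_flowtable starts and ends outside the hunk.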
@@ -1932,6 +1933,8 @@  netlink_delinearize_flowtable(struct netlink_ctx *ctx,
 		nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_PRIO);
 	flowtable->hooknum =
 		nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM);
+	flowtable->size =
+		nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_SIZE);
 
 	return flowtable;
 }
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 0be8a1185a26..8b0140696766 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1574,6 +1574,10 @@  flowtable_block		:	/* empty */	{ $$ = $<flowtable>-1; }
 			{
 				$$->dev_expr = $4;
 			}
+			|	flowtable_block	SIZE	NUM
+			{
+				$$->size = $3;
+			}
 			;
 
 flowtable_expr		:	'{'	flowtable_list_expr	'}'
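Review bot: `$$->size = $3;` stores the NUM token into the new `uint32_t size` field with no range check; if NUM carries a 64-bit value (its declaration is outside this hunk), a size above UINT32_MAX is silently truncated and the flowtable ends up with a different limit than the ruleset states. Rejecting the value is safer than wrapping, e.g. `if ($3 > UINT32_MAX) { erec_queue(error(&@3, "flowtable size too large"), state->msgs); YYERROR; }` before the assignment. The rule also accepts `size 0`, which the src/rule.c hunk will not print back, and a repeated `size` statement silently overrides the earlier one. The flowtable_block rule starts outside the hunk.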
diff --git a/src/rule.c b/src/rule.c
index 432772ab360c..bb9cd2e1e19c 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1571,6 +1571,9 @@  static void flowtable_print_declaration(const struct flowtable *flowtable,
 			nft_print(octx, ", ");
 	}
 	nft_print(octx, " }%s", opts->stmt_separator);
+	if (flowtable->size)
+		nft_print(octx, "%s%ssize %u%s", opts->tab, opts->tab,
+			  flowtable->size, opts->stmt_separator);
 }
 
 static void do_flowtable_print(const struct flowtable *flowtable,