From patchwork Mon Feb 26 08:35:39 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pablo Neira Ayuso <pablo@netfilter.org>
X-Patchwork-Id: 877709
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netfilter-devel-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=netfilter.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3zqZsf4T07z9s0x
	for <incoming@patchwork.ozlabs.org>;
	Mon, 26 Feb 2018 19:35:50 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752114AbeBZIfs (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Mon, 26 Feb 2018 03:35:48 -0500
Received: from mail.us.es ([193.147.175.20]:57252 "EHLO mail.us.es"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751907AbeBZIfq (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);
	Mon, 26 Feb 2018 03:35:46 -0500
Received: from antivirus1-rhel7.int (unknown [192.168.2.11])
	by mail.us.es (Postfix) with ESMTP id 41335EB469
	for <netfilter-devel@vger.kernel.org>;
	Mon, 26 Feb 2018 09:35:45 +0100 (CET)
Received: from antivirus1-rhel7.int (localhost [127.0.0.1])
	by antivirus1-rhel7.int (Postfix) with ESMTP id 31B17DA788
	for <netfilter-devel@vger.kernel.org>;
	Mon, 26 Feb 2018 09:35:45 +0100 (CET)
Received: by antivirus1-rhel7.int (Postfix, from userid 99)
	id 26E1DDA729; Mon, 26 Feb 2018 09:35:45 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
	antivirus1-rhel7.int
X-Spam-Level: 
X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50,
	SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1
Received: from antivirus1-rhel7.int (localhost [127.0.0.1])
	by antivirus1-rhel7.int (Postfix) with ESMTP id 25178DA242
	for <netfilter-devel@vger.kernel.org>;
	Mon, 26 Feb 2018 09:35:43 +0100 (CET)
Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int
	(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int);
	Mon, 26 Feb 2018 09:35:43 +0100 (CET)
X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int)
Received: from salvia.here (sys.soleta.eu [212.170.55.40])
	(Authenticated sender: pneira@us.es)
	by entrada.int (Postfix) with ESMTPA id 0037C4265A2F
	for <netfilter-devel@vger.kernel.org>;
	Mon, 26 Feb 2018 09:35:42 +0100 (CET)
X-SMTPAUTHUS: auth mail.us.es
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft] src: allow to specify flowtable maximum size
Date: Mon, 26 Feb 2018 09:35:39 +0100
Message-Id: <20180226083539.4294-1-pablo@netfilter.org>
X-Mailer: git-send-email 2.11.0
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

This patch allows us to specify the flowtable maximum size, eg.

 table ip x {
        flowtable f {
                hook ingress priority 10
                devices = { eth0, tap0 }
                size 100
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/rule.h     | 1 +
 src/netlink.c      | 3 +++
 src/parser_bison.y | 4 ++++
 src/rule.c         | 3 +++
 4 files changed, 11 insertions(+)

diff --git a/include/rule.h b/include/rule.h
index 92863c63d84a..fed5c83fd64a 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -330,6 +330,7 @@ struct flowtable {
 	const char		**dev_array;
 	struct expr		*dev_expr;
 	int			dev_array_len;
+	uint32_t		size;
 	unsigned int		refcnt;
 };
 
diff --git a/src/netlink.c b/src/netlink.c
index 9e73ea631572..e3ff0bf0a69e 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1813,6 +1813,7 @@ int netlink_add_flowtable(struct netlink_ctx *ctx, const struct handle *h,
 	flo = alloc_nftnl_flowtable(h, ft);
 	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM, ft->hooknum);
 	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, ft->priority);
+	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_SIZE, ft->size);
 
 	list_for_each_entry(expr, &ft->dev_expr->expressions, list)
 		dev_array[i++] = expr->identifier;
@@ -1932,6 +1933,8 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
 		nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_PRIO);
 	flowtable->hooknum =
 		nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM);
+	flowtable->size =
+		nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_SIZE);
 
 	return flowtable;
 }
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 0be8a1185a26..8b0140696766 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1574,6 +1574,10 @@ flowtable_block		:	/* empty */	{ $$ = $<flowtable>-1; }
 			{
 				$$->dev_expr = $4;
 			}
+			|	flowtable_block	SIZE	NUM
+			{
+				$$->size = $3;
+			}
 			;
 
 flowtable_expr		:	'{'	flowtable_list_expr	'}'
diff --git a/src/rule.c b/src/rule.c
index 432772ab360c..bb9cd2e1e19c 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1571,6 +1571,9 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
 			nft_print(octx, ", ");
 	}
 	nft_print(octx, " }%s", opts->stmt_separator);
+	if (flowtable->size)
+		nft_print(octx, "%s%ssize %u%s", opts->tab, opts->tab,
+			  flowtable->size, opts->stmt_separator);
 }
 
 static void do_flowtable_print(const struct flowtable *flowtable,