diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-24 18:38:51 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-26 15:10:26 +0100 |
| commit | b119428c934c7d356023828fed6a83b12bbcaa1f (patch) | |
| tree | 78fd4c408ab47ac158059672f961b82c9c8688ab | |
| parent | 15a62af1868efa5df504f68afe50300fa7667f82 (diff) | |
src: add support for flowtable counter
Allow users to enable flow counters via control plane toggle, e.g.
table ip x {
flowtable y {
hook ingress priority 0;
counter;
}
chain z {
type filter hook ingress priority filter;
flow add @z
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/rule.h | 1 | ||||
| -rw-r--r-- | src/mnl.c | 3 | ||||
| -rw-r--r-- | src/netlink.c | 2 | ||||
| -rw-r--r-- | src/parser_bison.y | 4 | ||||
| -rw-r--r-- | src/rule.c | 4 |
5 files changed, 14 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h index 70c8c4cf..db11b1d6 100644 --- a/include/rule.h +++ b/include/rule.h @@ -491,6 +491,7 @@ struct flowtable { const char **dev_array; struct expr *dev_expr; int dev_array_len; + uint32_t flags; unsigned int refcnt; }; @@ -1629,6 +1629,9 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd, free(dev_array); + nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS, + cmd->flowtable->flags); + netlink_dump_flowtable(flo, ctx); nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), diff --git a/src/netlink.c b/src/netlink.c index b254753f..ab1afd42 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -1342,6 +1342,8 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx, &priority); flowtable->hooknum = nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM); + flowtable->flags = + nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_FLAGS); return flowtable; } diff --git a/src/parser_bison.y b/src/parser_bison.y index e14118ca..9976bcaf 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1892,6 +1892,10 @@ flowtable_block : /* empty */ { $$ = $<flowtable>-1; } { $$->dev_expr = $4; } + | flowtable_block COUNTER + { + $$->flags |= NFT_FLOWTABLE_COUNTER; + } ; flowtable_expr : '{' flowtable_list_expr '}' @@ -2247,6 +2247,10 @@ static void flowtable_print_declaration(const struct flowtable *flowtable, nft_print(octx, ", "); } nft_print(octx, " }%s", opts->stmt_separator); + + if (flowtable->flags & NFT_FLOWTABLE_COUNTER) + nft_print(octx, "%s%scounter%s", opts->tab, opts->tab, + opts->stmt_separator); } static void do_flowtable_print(const struct flowtable *flowtable, |