diff options
author | Florian Westphal <fw@strlen.de> | 2018-05-02 14:50:12 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-05-02 16:43:38 +0200 |
commit | 2cced3146918163c383432fa40488280f3f87371 (patch) | |
tree | d60efb1a96f3dbbc5f33eb6bfb4da67755ea2070 | |
parent | a502ba00e44a03cbce9b5769274e1b604d3f08ad (diff) |
meter: enforce presence of a max size
meters are updated dynamically, so we don't know in advance
how large this structure can be.
Add a 'size' keyword to specifiy an upper limit and update
the old syntax to assume a default max value of 65535.
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | include/statement.h | 1 | ||||
-rw-r--r-- | src/evaluate.c | 1 | ||||
-rw-r--r-- | src/netlink_delinearize.c | 1 | ||||
-rw-r--r-- | src/parser_bison.y | 10 | ||||
-rw-r--r-- | src/statement.c | 2 | ||||
-rw-r--r-- | tests/py/ip/flowtable.t | 2 | ||||
-rw-r--r-- | tests/py/ip6/flowtable.t | 4 |
7 files changed, 17 insertions, 4 deletions
diff --git a/include/statement.h b/include/statement.h index fa0b5dfa..7315e7ae 100644 --- a/include/statement.h +++ b/include/statement.h @@ -178,6 +178,7 @@ struct meter_stmt { struct expr *key; struct stmt *stmt; const char *name; + uint32_t size; }; extern struct stmt *meter_stmt_alloc(const struct location *loc); diff --git a/src/evaluate.c b/src/evaluate.c index 4384e271..55e6ad1e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1995,6 +1995,7 @@ static int stmt_evaluate_meter(struct eval_ctx *ctx, struct stmt *stmt) setref = implicit_set_declaration(ctx, stmt->meter.name, key, set); + setref->set->desc.size = stmt->meter.size; stmt->meter.set = setref; if (stmt_evaluate(ctx, stmt->meter.stmt) < 0) diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 2126cf20..10b3e8cb 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1201,6 +1201,7 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx, stmt->meter.set = set_ref_expr_alloc(loc, set); stmt->meter.key = expr; stmt->meter.stmt = dstmt; + stmt->meter.size = set->desc.size; } else if (expr_data != NULL) { stmt = map_stmt_alloc(loc); stmt->map.set = set_ref_expr_alloc(loc, set); diff --git a/src/parser_bison.y b/src/parser_bison.y index f546b9ed..ee3600d7 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2761,10 +2761,20 @@ meter_stmt_alloc : METER identifier '{' meter_key_expr stmt '}' { $$ = meter_stmt_alloc(&@$); $$->meter.name = $2; + $$->meter.size = 0xffff; $$->meter.key = $4; $$->meter.stmt = $5; $$->location = @$; } + | METER identifier SIZE NUM '{' meter_key_expr stmt '}' + { + $$ = meter_stmt_alloc(&@$); + $$->meter.name = $2; + $$->meter.size = $4; + $$->meter.key = $6; + $$->meter.stmt = $7; + $$->location = @$; + } ; match_stmt : relational_expr diff --git a/src/statement.c b/src/statement.c index fccf71c1..19c30cf8 100644 --- a/src/statement.c +++ b/src/statement.c @@ -114,7 +114,7 @@ static void meter_stmt_print(const struct stmt *stmt, struct output_ctx *octx) expr_print(stmt->meter.set, octx); nft_print(octx, " "); } - nft_print(octx, "{ "); + nft_print(octx, "size %u { ", stmt->meter.size); expr_print(stmt->meter.key, octx); nft_print(octx, " "); diff --git a/tests/py/ip/flowtable.t b/tests/py/ip/flowtable.t index 4427fab8..7a68788a 100644 --- a/tests/py/ip/flowtable.t +++ b/tests/py/ip/flowtable.t @@ -2,4 +2,4 @@ *ip;test-ip;input -meter xyz { ip saddr timeout 30s counter};ok +meter xyz { ip saddr timeout 30s counter};ok;meter xyz size 65535 { ip saddr timeout 30s counter} diff --git a/tests/py/ip6/flowtable.t b/tests/py/ip6/flowtable.t index 5c048935..d89e90c3 100644 --- a/tests/py/ip6/flowtable.t +++ b/tests/py/ip6/flowtable.t @@ -2,5 +2,5 @@ *ip6;test-ip6;input -meter acct_out { meta iif . ip6 saddr timeout 600s counter };ok;meter acct_out { iif . ip6 saddr timeout 10m counter} -meter acct_out { ip6 saddr . meta iif timeout 600s counter };ok;meter acct_out { ip6 saddr . iif timeout 10m counter} +meter acct_out { meta iif . ip6 saddr timeout 600s counter };ok;meter acct_out size 65535 { iif . ip6 saddr timeout 10m counter} +meter acct_out { ip6 saddr . meta iif timeout 600s counter };ok;meter acct_out size 65535 { ip6 saddr . iif timeout 10m counter} |