From 4795a994e2810c63d8da19b5f75854db470e4a6c Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 20 Mar 2019 11:32:58 +0100 Subject: src: use 'flow add' syntax As discussed during NFWS 2018. Old syntax is stilled allowed. Signed-off-by: Pablo Neira Ayuso --- doc/nft.txt | 2 +- doc/statements.txt | 8 ++++---- src/ct.c | 2 +- src/parser_bison.y | 4 ++++ tests/shell/testcases/flowtable/0001flowtable_0 | 2 +- tests/shell/testcases/flowtable/0005delete_in_use_1 | 2 +- tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft | 2 +- 7 files changed, 13 insertions(+), 9 deletions(-) diff --git a/doc/nft.txt b/doc/nft.txt index a4ab4a8e..d162dad0 100644 --- a/doc/nft.txt +++ b/doc/nft.txt @@ -585,7 +585,7 @@ address - to update the destination link-layer address - to forward packets. The ttl and hoplimit fields are also decremented. Hence, flowtables provides an alternative path that allow packets to bypass the classic forwarding path. Flowtables reside in the ingress hook that is located before the prerouting -hook. You can select which flows you want to offload through the flow offload +hook. You can select which flows you want to offload through the flow expression from the forward chain. Flowtables are identified by their address family and their name. The address family must be one of ip, ip6, or inet. The inet address family is a dummy family which is used to create hybrid IPv4/IPv6 diff --git a/doc/statements.txt b/doc/statements.txt index a5822cf0..0687f53f 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -439,13 +439,13 @@ table inet x { } ------------------------------------- -FLOW OFFLOAD STATEMENT -~~~~~~~~~~~~~~~~~~~~~~ -A flow offload statement allows us to select what flows you want to accelerate +FLOW STATEMENT +~~~~~~~~~~~~~~ +A flow statement allows us to select what flows you want to accelerate forwarding through layer 3 network stack bypass. You have to specify the flowtable name where you want to offload this flow. -*flow offload* @flowtable +*flow add* @flowtable QUEUE STATEMENT ~~~~~~~~~~~~~~~ diff --git a/src/ct.c b/src/ct.c index e77c3201..ca31f498 100644 --- a/src/ct.c +++ b/src/ct.c @@ -481,7 +481,7 @@ struct stmt *notrack_stmt_alloc(const struct location *loc) static void flow_offload_stmt_print(const struct stmt *stmt, struct output_ctx *octx) { - printf("flow offload @%s", stmt->flow.table_name); + printf("flow add @%s", stmt->flow.table_name); } static const struct stmt_ops flow_offload_stmt_ops = { diff --git a/src/parser_bison.y b/src/parser_bison.y index 48e44e5a..65b3fb3e 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -3915,6 +3915,10 @@ meta_stmt : META meta_key SET stmt_expr { $$ = flow_offload_stmt_alloc(&@$, $4); } + | FLOW ADD AT string + { + $$ = flow_offload_stmt_alloc(&@$, $4); + } ; socket_expr : SOCKET socket_key diff --git a/tests/shell/testcases/flowtable/0001flowtable_0 b/tests/shell/testcases/flowtable/0001flowtable_0 index 90b23dc3..8336ec5a 100755 --- a/tests/shell/testcases/flowtable/0001flowtable_0 +++ b/tests/shell/testcases/flowtable/0001flowtable_0 @@ -7,7 +7,7 @@ EXPECTED='table inet t { } chain c { - flow offload @f + flow add @f } }' diff --git a/tests/shell/testcases/flowtable/0005delete_in_use_1 b/tests/shell/testcases/flowtable/0005delete_in_use_1 index 149d6444..ef52620d 100755 --- a/tests/shell/testcases/flowtable/0005delete_in_use_1 +++ b/tests/shell/testcases/flowtable/0005delete_in_use_1 @@ -4,7 +4,7 @@ set -e $NFT add table x $NFT add chain x x $NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;} -$NFT add rule x x flow offload @y +$NFT add rule x x flow add @y $NFT delete flowtable x y || exit 0 echo "E: delete flowtable in use" diff --git a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft index 6a1c7b81..629bfe81 100644 --- a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft +++ b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft @@ -5,6 +5,6 @@ table inet t { } chain c { - flow offload @f + flow add @f } } -- cgit v1.2.3