From b9d6a7b68e93c9a7a48b2dada6e7380190480b79 Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Thu, 7 Apr 2016 22:58:54 +0530 Subject: src: evaluate: Show error for fanout without balance The idea of fanout option is to improve the performance by indexing CPU ID to map packets to the queues. This is used for load balancing. Fanout option is not required when there is a single queue specified. According to iptables, queue balance should be specified in order to use fanout. Following that, throw an error in nftables if the range of queues for load balancing is not specified with the fanout option. After this patch, $ sudo nft add rule ip filter forward counter queue num 0 fanout :1:46-46: Error: fanout requires a range to be specified add rule ip filter forward counter queue num 0 fanout ^^^^^ Signed-off-by: Shivani Bhardwaj Signed-off-by: Pablo Neira Ayuso --- src/evaluate.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/evaluate.c') diff --git a/src/evaluate.c b/src/evaluate.c index d9ac8542..346e34fc 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2006,6 +2006,11 @@ static int stmt_evaluate_queue(struct eval_ctx *ctx, struct stmt *stmt) if (!expr_is_constant(stmt->queue.queue)) return expr_error(ctx->msgs, stmt->queue.queue, "queue number is not constant"); + if (stmt->queue.queue->ops->type != EXPR_RANGE && + (stmt->queue.flags & NFT_QUEUE_FLAG_CPU_FANOUT)) + return expr_error(ctx->msgs, stmt->queue.queue, + "fanout requires a range to be " + "specified"); } return 0; } -- cgit v1.2.3