From 90a0f8c443bbe33676aeff4e9782aa6b0e6c0894 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Tue, 23 Sep 2014 14:05:15 +0200 Subject: src: add set optimization options This patch adds options to choose set optimization mechanisms. Two new statements are added to the set syntax, and they can be mixed: nft add set filter set1 { type ipv4_addr ; size 1024 ; } nft add set filter set1 { type ipv4_addr ; policy memory ; } nft add set filter set1 { type ipv4_addr ; policy performance ; } nft add set filter set1 { type ipv4_addr ; policy memory ; size 1024 ; } nft add set filter set1 { type ipv4_addr ; size 1024 ; policy memory ; } nft add set filter set1 { type ipv4_addr ; policy performance ; size 1024 ; } nft add set filter set1 { type ipv4_addr ; size 1024 ; policy performance ; } Also valid for maps: nft add map filter map1 { type ipv4_addr : verdict ; policy performace ; } [...] This is the output format, which can be imported later with `nft -f': table filter { set set1 { type ipv4_addr policy memory size 1024 } } In this approach the parser accepts default options such as 'performance', given they are a valid configurations, but aren't sent to the kernel. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/netlink.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'src/netlink.c') diff --git a/src/netlink.c b/src/netlink.c index 17b82ee8..64960ad9 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -1050,6 +1050,13 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, set->datalen = data_len * BITS_PER_BYTE; } + if (nft_set_attr_is_set(nls, NFT_SET_ATTR_POLICY)) + set->policy = nft_set_attr_get_u32(nls, NFT_SET_ATTR_POLICY); + + if (nft_set_attr_is_set(nls, NFT_SET_ATTR_DESC_SIZE)) + set->desc.size = nft_set_attr_get_u32(nls, + NFT_SET_ATTR_DESC_SIZE); + return set; } 
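Review bot: The policy read from the netlink message in netlink_delinearize_set is stored in `set->policy` unchecked, so whatever later maps it to a keyword for output must cope with values other than the two policies this patch defines. That printing code is not in this hunk, so it is worth confirming there. When the kernel omits either attribute, `set->policy` and `set->desc.size` keep whatever the set was allocated with, and the add path in the second hunk treats `NFT_SET_POL_PERFORMANCE` and a size of 0 as "not specified". A short comment here would make that dependency explicit, for example `/* absent attributes leave policy/desc.size at their allocation-time defaults */`. It presumably relies on the set being zero-initialised or explicitly defaulted at allocation, which is outside the visible lines.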
@@ -1108,6 +1115,19 @@ static int netlink_add_set_batch(struct netlink_ctx *ctx, } set->handle.set_id = ++set_id; nft_set_attr_set_u32(nls, NFT_SET_ATTR_ID, set->handle.set_id); + + if (!(set->flags & (SET_F_CONSTANT))) { + if (set->policy != NFT_SET_POL_PERFORMANCE) { + nft_set_attr_set_u32(nls, NFT_SET_ATTR_POLICY, + set->policy); + } + + if (set->desc.size != 0) { + nft_set_attr_set_u32(nls, NFT_SET_ATTR_DESC_SIZE, + set->desc.size); + } + } + netlink_dump_set(nls); err = mnl_nft_set_batch_add(nf_sock, nls, NLM_F_EXCL, ctx->seqnum); -- cgit v1.2.3
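Review bot: A `policy` or `size` given on a set carrying `SET_F_CONSTANT` is dropped silently in netlink_add_set_batch, because both attributes are sent only inside the `!(set->flags & (SET_F_CONSTANT))` branch and nothing reports the omission. `size` reads as an upper bound on the set, so a user who wrote it would expect it to take effect. Unless an earlier stage rejects that combination (not visible here), consider reporting an error or warning, or at least record the reason in a comment such as `/* policy/size are not sent for constant sets because <reason> */`. The inner parentheses are redundant; `if (!(set->flags & SET_F_CONSTANT)) {` reads more cleanly. The function's body starts and ends outside the hunk, and if a non-batch add path exists elsewhere in the file it would presumably need the same attributes.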