From 7769cbd9dfe69cb653757c681c97693f7e900010 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 2 Aug 2015 18:51:43 +0200 Subject: expr: limit: add per-byte limiting support Signed-off-by: Pablo Neira Ayuso --- src/expr/limit.c | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/expr/limit.c b/src/expr/limit.c index c6d0240..ef7c17f 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -26,6 +26,7 @@ struct nftnl_expr_limit { uint64_t rate; uint64_t unit; uint32_t burst; + enum nft_limit_type type; }; static int @@ -44,6 +45,9 @@ nftnl_expr_limit_set(struct nftnl_expr *e, uint16_t type, case NFTNL_EXPR_LIMIT_BURST: limit->burst = *((uint32_t *)data); break; + case NFTNL_EXPR_LIMIT_TYPE: + limit->type = *((uint32_t *)data); + break; default: return -1; } @@ -66,6 +70,9 @@ nftnl_expr_limit_get(const struct nftnl_expr *e, uint16_t type, case NFTNL_EXPR_LIMIT_BURST: *data_len = sizeof(uint32_t); return &limit->burst; + case NFTNL_EXPR_LIMIT_TYPE: + *data_len = sizeof(uint32_t); + return &limit->type; } return NULL; } @@ -85,6 +92,7 @@ static int nftnl_expr_limit_cb(const struct nlattr *attr, void *data) abi_breakage(); break; case NFTA_LIMIT_BURST: + case NFTA_LIMIT_TYPE: if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) abi_breakage(); break; @@ -105,6 +113,8 @@ nftnl_expr_limit_build(struct nlmsghdr *nlh, struct nftnl_expr *e) mnl_attr_put_u64(nlh, NFTA_LIMIT_UNIT, htobe64(limit->unit)); if (e->flags & (1 << NFTNL_EXPR_LIMIT_BURST)) mnl_attr_put_u32(nlh, NFTA_LIMIT_BURST, htonl(limit->burst)); + if (e->flags & (1 << NFTNL_EXPR_LIMIT_TYPE)) + mnl_attr_put_u32(nlh, NFTA_LIMIT_TYPE, htonl(limit->type)); } static int @@ -128,6 +138,10 @@ nftnl_expr_limit_parse(struct nftnl_expr *e, struct nlattr *attr) limit->burst = ntohl(mnl_attr_get_u32(tb[NFTA_LIMIT_BURST])); e->flags |= (1 << NFTNL_EXPR_LIMIT_BURST); } + if (tb[NFTA_LIMIT_TYPE]) { + limit->type = ntohl(mnl_attr_get_u32(tb[NFTA_LIMIT_TYPE])); + e->flags |= (1 << NFTNL_EXPR_LIMIT_TYPE); + } return 0; } @@ -146,6 +160,8 @@ static int nftnl_expr_limit_json_parse(struct nftnl_expr *e, json_t *root, nftnl_expr_set_u64(e, NFTNL_EXPR_LIMIT_UNIT, uval64); if (nftnl_jansson_parse_val(root, "burst", NFTNL_TYPE_U32, &uval32, err) == 0) nftnl_expr_set_u32(e, NFTNL_EXPR_LIMIT_BURST, uval32); + if (nftnl_jansson_parse_val(root, "type", NFTNL_TYPE_U32, &uval32, err) == 0) + nftnl_expr_set_u32(e, NFTNL_EXPR_LIMIT_TYPE, uval32); return 0; #else @@ -160,7 +176,7 @@ static int nftnl_expr_limit_xml_parse(struct nftnl_expr *e, { #ifdef XML_PARSING uint64_t rate, unit; - uint32_t burst; + uint32_t burst, type; if (nftnl_mxml_num_parse(tree, "rate", MXML_DESCEND_FIRST, BASE_DEC, &rate, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0) @@ -172,6 +188,9 @@ static int nftnl_expr_limit_xml_parse(struct nftnl_expr *e, if (nftnl_mxml_num_parse(tree, "burst", MXML_DESCEND_FIRST, BASE_DEC, &burst, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0) nftnl_expr_set_u32(e, NFTNL_EXPR_LIMIT_BURST, burst); + if (nftnl_mxml_num_parse(tree, "type", MXML_DESCEND_FIRST, BASE_DEC, + &burst, NFT_TYPE_U32, NFTNL_XML_MAND, err) == 0) + nftnl_expr_set_u32(e, NFTNL_EXPR_LIMIT_TYPE, type); return 0; #else @@ -204,17 +223,32 @@ static int nftnl_expr_limit_export(char *buf, size_t size, nftnl_buf_u64(&b, type, limit->unit, UNIT); if (e->flags & (1 << NFTNL_EXPR_LIMIT_BURST)) nftnl_buf_u32(&b, type, limit->burst, BURST); + if (e->flags & (1 << NFTNL_EXPR_LIMIT_TYPE)) + nftnl_buf_u32(&b, type, limit->type, TYPE); return nftnl_buf_done(&b); } +static const char *limit_to_type(enum nft_limit_type type) +{ + switch (type) { + default: + case NFT_LIMIT_PKTS: + return "packets"; + case NFT_LIMIT_PKT_BYTES: + return "bytes"; + } + return "unknown"; +} + static int nftnl_expr_limit_snprintf_default(char *buf, size_t len, struct nftnl_expr *e) { struct nftnl_expr_limit *limit = nftnl_expr_data(e); - return snprintf(buf, len, "rate %"PRIu64"/%s burst %u ", - limit->rate, get_unit(limit->unit), limit->burst); + return snprintf(buf, len, "rate %"PRIu64"/%s burst %u type %s ", + limit->rate, get_unit(limit->unit), limit->burst, + limit_to_type(limit->type)); } static int -- cgit v1.2.3