summaryrefslogtreecommitdiffstats
path: root/include/rule.h
diff options
context:
space:
mode:
authorArturo Borrero <arturo.borrero.glez@gmail.com>2014-09-23 14:05:15 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2014-09-29 12:33:37 +0200
commit90a0f8c443bbe33676aeff4e9782aa6b0e6c0894 (patch)
treec5c9dd78ed5423f093fe997db595bddbee8df6e3 /include/rule.h
parent013dbc6b0a8490ba24805a8ae35d7707183b9615 (diff)
src: add set optimization options
This patch adds options to choose set optimization mechanisms. Two new statements are added to the set syntax, and they can be mixed: nft add set filter set1 { type ipv4_addr ; size 1024 ; } nft add set filter set1 { type ipv4_addr ; policy memory ; } nft add set filter set1 { type ipv4_addr ; policy performance ; } nft add set filter set1 { type ipv4_addr ; policy memory ; size 1024 ; } nft add set filter set1 { type ipv4_addr ; size 1024 ; policy memory ; } nft add set filter set1 { type ipv4_addr ; policy performance ; size 1024 ; } nft add set filter set1 { type ipv4_addr ; size 1024 ; policy performance ; } Also valid for maps: nft add map filter map1 { type ipv4_addr : verdict ; policy performace ; } [...] This is the output format, which can be imported later with `nft -f': table filter { set set1 { type ipv4_addr policy memory size 1024 } } In this approach the parser accepts default options such as 'performance', given they are a valid configurations, but aren't sent to the kernel. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/rule.h')
-rw-r--r--include/rule.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 88aefc69..a1d58900 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -180,6 +180,8 @@ enum set_flags {
* @datatype: mapping data type
* @datalen: mapping data len
* @init: initializer
+ * @policy: set mechanism policy
+ * @desc: set mechanism desc
*/
struct set {
struct list_head list;
@@ -192,6 +194,10 @@ struct set {
const struct datatype *datatype;
unsigned int datalen;
struct expr *init;
+ uint32_t policy;
+ struct {
+ uint32_t size;
+ } desc;
};
extern struct set *set_alloc(const struct location *loc);