author | Laura Garcia Liebana <nevola@gmail.com> | 2018-03-15 09:23:21 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-15 19:45:46 +0100 |
commit | c5ecdbf752ce0505a6696489d6df03b88cb56b0a (patch) | |
tree | cee0c7a805e7b9bc0aed7d7968260b83a48e2ab2 /src/netlink_linearize.c | |
parent | 71f755e54f034a048fdc0174b4309f1a6bde33d5 (diff) |
src: support of dynamic map addition and update of elements
Support for dynamic addition and update of elements is currently only available for sets
and meters. This patch extends the same ability to maps.
This patch is useful in cases where dynamic population of maps are
required, for example, to maintain a persistence during some period
of time.
Example:
table ip nftlb {
map persistencia {
type ipv4_addr : mark
timeout 1h
elements = { 192.168.1.132 expires 59m55s : 0x00000064,
192.168.56.101 expires 59m24s : 0x00000065 }
}
chain pre {
type nat hook prerouting priority 0; policy accept;
map update \
{ @nh,96,32 : numgen inc mod 2 offset 100 } @persistencia
}
}
An example of the netlink generated sequence:
nft --debug=netlink add rule ip nftlb pre map add \
{ ip saddr : numgen inc mod 2 offset 100 } @persistencia
ip nftlb pre
[ payload load 4b @ network header + 12 => reg 1 ]
[ numgen reg 2 = inc mod 2 offset 100 ]
[ dynset add reg_key 1 set persistencia sreg_data 2 ]
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 5edb2d3d..be1c750c 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1234,6 +1234,33 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
 nftnl_rule_add_expr(ctx->nlr, nle);
 }
+static void netlink_gen_map_stmt(struct netlink_linearize_ctx *ctx,
+ const struct stmt *stmt)
+{
+ struct nftnl_expr *nle;
+ enum nft_registers sreg_key;
+ enum nft_registers sreg_data;
+
+ sreg_key = get_register(ctx, stmt->map.map->map->key);
+ netlink_gen_expr(ctx, stmt->map.map->map->key, sreg_key);
+
+ sreg_data = get_register(ctx, stmt->map.map->mappings);
+ netlink_gen_expr(ctx, stmt->map.map->mappings, sreg_data);
+
+ release_register(ctx, stmt->map.map->map->key);
+ release_register(ctx, stmt->map.map->mappings);
+
+ nle = alloc_nft_expr("dynset");
+ netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key);
+ netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_DATA, sreg_data);
+
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_OP, stmt->map.op);
+ nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, stmt->map.set->identifier);
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, stmt->map.set->set->handle.set_id);
+
+ nftnl_rule_add_expr(ctx->nlr, nle);
+}
+
 static void netlink_gen_meter_stmt(struct netlink_linearize_ctx *ctx,
+ const struct stmt *stmt)
+{
+
@@ -1315,6 +1342,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
 return netlink_gen_flow_offload_stmt(ctx, stmt);
 case STMT_OBJREF:
 return netlink_gen_objref_stmt(ctx, stmt);
+ case STMT_MAP:
+ return netlink_gen_map_stmt(ctx, stmt);
 default:
 BUG("unknown statement type %s\n", stmt->ops->name);
 } |
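Review bot: Nothing in the new netlink_gen_map_stmt sets a per-element timeout on the dynset expression (only the key/data registers, the op, the set name and the set id are filled in), so if the key expression can carry its own timeout — as the set-statement path just above this hunk presumably handles, its body is not visible here — that value is silently dropped and a dynamically added element only ever inherits the map-level `timeout 1h` shown in the commit example. Either propagate it the same way the set path does, or state the limitation in a comment so a later `map add { ... timeout ... : ... }` user is not surprised. The function also lacks a header comment; I would add `/* Emit a dynset add/update for a map statement: key in sreg_key, mapped value in sreg_data, op selects add vs. update. */` above the definition. Minor consistency point: the set name is taken from `stmt->map.set->identifier` while the id comes from `stmt->map.set->set->handle.set_id`; sourcing both from the resolved set's handle would keep them in agreement if the identifier and the resolved handle ever differ. The trailing context starts netlink_gen_meter_stmt, which continues outside the hunk.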