path: root/src/netlink_linearize.c
diff options
authorPablo Neira Ayuso <>2017-11-23 15:14:01 +0100
committerPablo Neira Ayuso <>2017-11-24 15:03:28 +0100
commit48661c54357aea271bf87ab2b6ef907eafc97e9a (patch)
tree9222b459849f9db7332b71866df33225d9b12920 /src/netlink_linearize.c
parent932847e0c3df8f6ee3dc4478f1ef0728926d9544 (diff)
src: deprecate "flow table" syntax, replace it by "meter"
According to bugzilla 1137: "flow tables" should not be syntactically unique. "Flow tables are always named, but they don't conform to the way sets, maps, and dictionaries work in terms of "add" and "delete" and all that. They are also "flow tables" instead of one word like "flows" or "throttle" or something. It seems weird to just have these break the syntactic expectations." Personally, I never liked the reference to "table" since we have very specific semantics in terms of what a "table" is netfilter for long time. This patch promotes "meter" as the new keyword. The former syntax is still accepted for a while, just to reduce chances of breaking things. At some point the former syntax will just be removed. Closes: Signed-off-by: Pablo Neira Ayuso <> Acked-by: Arturo Borrero Gonzalez <>
Diffstat (limited to 'src/netlink_linearize.c')
1 files changed, 13 insertions, 13 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index fb2d2501..cf6ffdb0 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1204,7 +1204,7 @@ static void netlink_gen_notrack_stmt(struct netlink_linearize_ctx *ctx,
static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
const struct stmt *stmt)
- struct set *set = stmt->flow.set->set;
+ struct set *set = stmt->meter.set->set;
struct nftnl_expr *nle;
enum nft_registers sreg_key;
@@ -1223,34 +1223,34 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
nftnl_rule_add_expr(ctx->nlr, nle);
-static void netlink_gen_flow_stmt(struct netlink_linearize_ctx *ctx,
- const struct stmt *stmt)
+static void netlink_gen_meter_stmt(struct netlink_linearize_ctx *ctx,
+ const struct stmt *stmt)
struct nftnl_expr *nle;
enum nft_registers sreg_key;
enum nft_dynset_ops op;
struct set *set;
- sreg_key = get_register(ctx, stmt->flow.key->key);
- netlink_gen_expr(ctx, stmt->flow.key->key, sreg_key);
- release_register(ctx, stmt->flow.key->key);
+ sreg_key = get_register(ctx, stmt->meter.key->key);
+ netlink_gen_expr(ctx, stmt->meter.key->key, sreg_key);
+ release_register(ctx, stmt->meter.key->key);
- set = stmt->flow.set->set;
- if (stmt->flow.key->timeout)
+ set = stmt->meter.set->set;
+ if (stmt->meter.key->timeout)
nle = alloc_nft_expr("dynset");
netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key);
- if (stmt->flow.key->timeout)
+ if (stmt->meter.key->timeout)
nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
- stmt->flow.key->timeout);
+ stmt->meter.key->timeout);
nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_OP, op);
nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, set->handle.set);
nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id);
nftnl_expr_set(nle, NFTNL_EXPR_DYNSET_EXPR,
- netlink_gen_stmt_stateful(ctx, stmt->flow.stmt), 0);
+ netlink_gen_stmt_stateful(ctx, stmt->meter.stmt), 0);
nftnl_rule_add_expr(ctx->nlr, nle);
@@ -1264,8 +1264,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
return netlink_gen_expr(ctx, stmt->expr, NFT_REG_VERDICT);
return netlink_gen_verdict_stmt(ctx, stmt);
- case STMT_FLOW:
- return netlink_gen_flow_stmt(ctx, stmt);
+ case STMT_METER:
+ return netlink_gen_meter_stmt(ctx, stmt);
return netlink_gen_exthdr_stmt(ctx, stmt);