author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-24 18:38:51 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-26 15:10:26 +0100 |
commit | b119428c934c7d356023828fed6a83b12bbcaa1f (patch) | |
tree | 78fd4c408ab47ac158059672f961b82c9c8688ab /src | |
parent | 15a62af1868efa5df504f68afe50300fa7667f82 (diff) |
src: add support for flowtable counter
Allow users to enable flow counters via control plane toggle, e.g.
table ip x {
flowtable y {
hook ingress priority 0;
counter;
}
chain z {
type filter hook ingress priority filter;
flow add @z
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/mnl.c | 3 | ||||
-rw-r--r-- | src/netlink.c | 2 | ||||
-rw-r--r-- | src/parser_bison.y | 4 | ||||
-rw-r--r-- | src/rule.c | 4 |
4 files changed, 13 insertions, 0 deletions
@@ -1629,6 +1629,9 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd, free(dev_array); + nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS, + cmd->flowtable->flags); + netlink_dump_flowtable(flo, ctx); nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
diff --git a/src/netlink.c b/src/netlink.c
index b254753f..ab1afd42 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1342,6 +1342,8 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx, &priority); flowtable->hooknum = nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM); + flowtable->flags = + nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_FLAGS); return flowtable; }
diff --git a/src/parser_bison.y b/src/parser_bison.y
index e14118ca..9976bcaf 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1892,6 +1892,10 @@ flowtable_block : /* empty */ { $$ = $<flowtable>-1; } { $$->dev_expr = $4; } + | flowtable_block COUNTER + { + $$->flags |= NFT_FLOWTABLE_COUNTER; + } ; flowtable_expr : '{' flowtable_list_expr '}'
@@ -2247,6 +2247,10 @@ static void flowtable_print_declaration(const struct flowtable *flowtable, nft_print(octx, ", "); } nft_print(octx, " }%s", opts->stmt_separator); + + if (flowtable->flags & NFT_FLOWTABLE_COUNTER) + nft_print(octx, "%s%scounter%s", opts->tab, opts->tab, + opts->stmt_separator); } static void do_flowtable_print(const struct flowtable *flowtable, |
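Review bot: In the first hunk (mnl_nft_flowtable_add, src/mnl.c per the diffstat) the flags attribute is now put on every flowtable add, including when `cmd->flowtable->flags` is 0, so the message sent to the kernel changes even for rulesets that never use `counter`. If only requested flags are meant to travel, gate the call: `if (cmd->flowtable->flags) nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS, cmd->flowtable->flags);`. The value is forwarded without masking, so rejecting unsupported bits is presumably left to the kernel; a short comment such as `/* flag bits are passed through as-is; the kernel is expected to reject unsupported ones */` would record that assumption. The function starts and ends outside the hunk.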
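Review bot: The new `flowtable_block COUNTER` alternative (third hunk, src/parser_bison.y) takes no statement separator, and because `flowtable_block` is left-recursive it accepts `counter counter`, or `counter` followed directly by another statement on the same line. The commit message example writes `counter;` and the printer in the last hunk emits the keyword followed by `opts->stmt_separator`, so requiring the separator here would keep parsing and listing symmetric: `| flowtable_block COUNTER stmt_separator`. The sibling alternatives are only partly visible in this hunk, so confirm they follow the same shape before changing it.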
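Review bot: flowtable_print_declaration (last hunk, src/rule.c per the diffstat) prints only the `NFT_FLOWTABLE_COUNTER` bit, while the netlink.c hunk stores every bit the kernel reports into `flowtable->flags`. Any other bit that is set is dropped from the listing without a trace, so a ruleset that is listed and then loaded again would silently lose it, which matters for a firewall configuration that is backed up or audited from that output. Other flags may be printed in a part of the function outside the hunk; if not, test `flowtable->flags & ~NFT_FLOWTABLE_COUNTER` and report the remainder, or at least add a comment above the new `if`, e.g. `/* only the counter flag is listed here; other bits in flags are not printed */`.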