git.ipfire.org Git - thirdparty/nftables.git/commit

author	Arturo Borrero <arturo.borrero.glez@gmail.com>
	Tue, 23 Sep 2014 12:05:15 +0000 (14:05 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 29 Sep 2014 10:33:37 +0000 (12:33 +0200)
commit	90a0f8c443bbe33676aeff4e9782aa6b0e6c0894
tree	c5c9dd78ed5423f093fe997db595bddbee8df6e3	tree
parent	013dbc6b0a8490ba24805a8ae35d7707183b9615	commit \| diff

src: add set optimization options

This patch adds options to choose set optimization mechanisms.

Two new statements are added to the set syntax, and they can be mixed:

nft add set filter set1 { type ipv4_addr ; size 1024 ; }
nft add set filter set1 { type ipv4_addr ; policy memory ; }
nft add set filter set1 { type ipv4_addr ; policy performance ; }
nft add set filter set1 { type ipv4_addr ; policy memory ; size 1024 ; }
nft add set filter set1 { type ipv4_addr ; size 1024 ; policy memory ; }
nft add set filter set1 { type ipv4_addr ; policy performance ; size 1024 ; }
nft add set filter set1 { type ipv4_addr ; size 1024 ; policy performance ; }

Also valid for maps:

nft add map filter map1 { type ipv4_addr : verdict ; policy performace ; }
[...]

This is the output format, which can be imported later with `nft -f':

table filter {
set set1 {
type ipv4_addr
policy memory
size 1024
}
}

In this approach the parser accepts default options such as 'performance',
given they are a valid configurations, but aren't sent to the kernel.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/rule.h		diff \| blob \| blame \| history
src/netlink.c		diff \| blob \| blame \| history
src/parser.y		diff \| blob \| blame \| history
src/rule.c		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history