meter: enforce presence of a max size

author Florian Westphal <fw@strlen.de>

Wed, 2 May 2018 12:50:12 +0000 (14:50 +0200)

committer Florian Westphal <fw@strlen.de>

Wed, 2 May 2018 14:43:38 +0000 (16:43 +0200)
author Florian Westphal <fw@strlen.de>
Wed, 2 May 2018 12:50:12 +0000 (14:50 +0200)
committer Florian Westphal <fw@strlen.de>
Wed, 2 May 2018 14:43:38 +0000 (16:43 +0200)
diff --git a/include/statement.h b/include/statement.h

index fa0b5dfa4bf5605e84b24fb76140393ec4f61a7b..7315e7aeea8bc4802ec9f2438b06730402c3ddef 100644 (file)
--- a/include/statement.h
+++ b/include/statement.h
@@ -178,6 +178,7 @@ struct meter_stmt {
         struct expr             *key;
         struct stmt             *stmt;
         const char              *name;
+       uint32_t                size;
  };
  
  extern struct stmt *meter_stmt_alloc(const struct location *loc);
diff --git a/src/evaluate.c b/src/evaluate.c

index 4384e271017619c2d210c26220217e55b864b711..55e6ad1e0b749ba114050a5cb0f7a23fc618bfc8 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1995,6 +1995,7 @@ static int stmt_evaluate_meter(struct eval_ctx *ctx, struct stmt *stmt)
  
         setref = implicit_set_declaration(ctx, stmt->meter.name, key, set);
  
+       setref->set->desc.size = stmt->meter.size;
         stmt->meter.set = setref;
  
         if (stmt_evaluate(ctx, stmt->meter.stmt) < 0)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c

index 2126cf20c9955a128a9bede69ab3456e7999f79e..10b3e8cb1c1be428ffa2366300d3cedb5a1f2bd8 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1201,6 +1201,7 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx,
                 stmt->meter.set  = set_ref_expr_alloc(loc, set);
                 stmt->meter.key  = expr;
                 stmt->meter.stmt = dstmt;
+               stmt->meter.size = set->desc.size;
         } else if (expr_data != NULL) {
                 stmt = map_stmt_alloc(loc);
                 stmt->map.set   = set_ref_expr_alloc(loc, set);
diff --git a/src/parser_bison.y b/src/parser_bison.y

index f546b9edd42ec5b20f259aa25b448516278a4977..ee3600d702ced0c39b7c55524cc88e7b5596d79c 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2761,10 +2761,20 @@ meter_stmt_alloc        :       METER   identifier              '{' meter_key_expr stmt '}'
                         {
                                 $$ = meter_stmt_alloc(&@$);
                                 $$->meter.name = $2;
+                               $$->meter.size = 0xffff;
                                 $$->meter.key  = $4;
                                 $$->meter.stmt = $5;
                                 $$->location  = @$;
                         }
+                       |       METER   identifier      SIZE    NUM     '{' meter_key_expr stmt '}'
+                       {
+                               $$ = meter_stmt_alloc(&@$);
+                               $$->meter.name = $2;
+                               $$->meter.size = $4;
+                               $$->meter.key  = $6;
+                               $$->meter.stmt = $7;
+                               $$->location  = @$;
+                       }
                         ;
  
  match_stmt             :       relational_expr
diff --git a/src/statement.c b/src/statement.c

index fccf71c10b1d4248ed4beb2ad4695b83a2c1d7f0..19c30cf861c815603930f892131df82ef5a97c2b 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -114,7 +114,7 @@ static void meter_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
                 expr_print(stmt->meter.set, octx);
                 nft_print(octx, " ");
         }
-       nft_print(octx, "{ ");
+       nft_print(octx, "size %u { ", stmt->meter.size);
         expr_print(stmt->meter.key, octx);
         nft_print(octx, " ");
  
diff --git a/tests/py/ip/flowtable.t b/tests/py/ip/flowtable.t

index 4427fab88eb835682e004ced041fe599b717cc8c..7a68788a7df148eb99b1b112fc1b462e143d79de 100644 (file)
--- a/tests/py/ip/flowtable.t
+++ b/tests/py/ip/flowtable.t
@@ -2,4 +2,4 @@
  
  *ip;test-ip;input
  
-meter xyz { ip saddr timeout 30s counter};ok
+meter xyz { ip saddr timeout 30s counter};ok;meter xyz size 65535 { ip saddr timeout 30s counter}
diff --git a/tests/py/ip6/flowtable.t b/tests/py/ip6/flowtable.t

index 5c048935d726c1ac5ff1334eba53b832d41f7605..d89e90c3edc4653900645ac6722708ed82c59f2a 100644 (file)
--- a/tests/py/ip6/flowtable.t
+++ b/tests/py/ip6/flowtable.t
@@ -2,5 +2,5 @@
  
  *ip6;test-ip6;input
  
-meter acct_out { meta iif . ip6 saddr timeout 600s counter };ok;meter acct_out { iif . ip6 saddr timeout 10m counter}
-meter acct_out { ip6 saddr . meta iif timeout 600s counter };ok;meter acct_out { ip6 saddr . iif timeout 10m counter}
+meter acct_out { meta iif . ip6 saddr timeout 600s counter };ok;meter acct_out size 65535 { iif . ip6 saddr timeout 10m counter}
+meter acct_out { ip6 saddr . meta iif timeout 600s counter };ok;meter acct_out size 65535 { ip6 saddr . iif timeout 10m counter}
author	Florian Westphal <fw@strlen.de>
	Wed, 2 May 2018 12:50:12 +0000 (14:50 +0200)
committer	Florian Westphal <fw@strlen.de>
	Wed, 2 May 2018 14:43:38 +0000 (16:43 +0200)
include/statement.h		patch \| blob \| blame \| history
src/evaluate.c		patch \| blob \| blame \| history
src/netlink_delinearize.c		patch \| blob \| blame \| history
src/parser_bison.y		patch \| blob \| blame \| history
src/statement.c		patch \| blob \| blame \| history
tests/py/ip/flowtable.t		patch \| blob \| blame \| history
tests/py/ip6/flowtable.t		patch \| blob \| blame \| history