The idea of fanout option is to improve the performance by indexing CPU
ID to map packets to the queues. This is used for load balancing.
Fanout option is not required when there is a single queue specified.
According to iptables, queue balance should be specified in order to use
fanout. Following that, throw an error in nftables if the range of
queues for load balancing is not specified with the fanout option.
After this patch,
$ sudo nft add rule ip filter forward counter queue num 0 fanout
<cmdline>:1:46-46: Error: fanout requires a range to be specified
add rule ip filter forward counter queue num 0 fanout
^^^^^
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (!expr_is_constant(stmt->queue.queue))
return expr_error(ctx->msgs, stmt->queue.queue,
"queue number is not constant");
+ if (stmt->queue.queue->ops->type != EXPR_RANGE &&
+ (stmt->queue.flags & NFT_QUEUE_FLAG_CPU_FANOUT))
+ return expr_error(ctx->msgs, stmt->queue.queue,
+ "fanout requires a range to be "
+ "specified");
}
return 0;
}
queue_stmt_arg : QUEUENUM stmt_expr
{
$<stmt>0->queue.queue = $2;
+ $<stmt>0->queue.queue->location = @$;
}
| queue_stmt_flags
{
projects / thirdparty / nftables.git / commitdiff
