From: Shivani Bhardwaj Date: Thu, 7 Apr 2016 17:28:54 +0000 (+0530) Subject: src: evaluate: Show error for fanout without balance X-Git-Tag: v0.6~73 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9d6a7b68e93c9a7a48b2dada6e7380190480b79;p=thirdparty%2Fnftables.git src: evaluate: Show error for fanout without balance The idea of fanout option is to improve the performance by indexing CPU ID to map packets to the queues. This is used for load balancing. Fanout option is not required when there is a single queue specified. According to iptables, queue balance should be specified in order to use fanout. Following that, throw an error in nftables if the range of queues for load balancing is not specified with the fanout option. After this patch, $ sudo nft add rule ip filter forward counter queue num 0 fanout :1:46-46: Error: fanout requires a range to be specified add rule ip filter forward counter queue num 0 fanout ^^^^^ Signed-off-by: Shivani Bhardwaj Signed-off-by: Pablo Neira Ayuso --- diff --git a/src/evaluate.c b/src/evaluate.c index d9ac8542..346e34fc 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2006,6 +2006,11 @@ static int stmt_evaluate_queue(struct eval_ctx *ctx, struct stmt *stmt) if (!expr_is_constant(stmt->queue.queue)) return expr_error(ctx->msgs, stmt->queue.queue, "queue number is not constant"); + if (stmt->queue.queue->ops->type != EXPR_RANGE && + (stmt->queue.flags & NFT_QUEUE_FLAG_CPU_FANOUT)) + return expr_error(ctx->msgs, stmt->queue.queue, + "fanout requires a range to be " + "specified"); } return 0; } diff --git a/src/parser_bison.y b/src/parser_bison.y index 4b7c1f5a..444ed4c2 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1722,6 +1722,7 @@ queue_stmt_args : queue_stmt_arg queue_stmt_arg : QUEUENUM stmt_expr { $0->queue.queue = $2; + $0->queue.queue->location = @$; } | queue_stmt_flags {