flowtable: allow to specify size

This new attribute allows you to specify the flowtable size.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/libnftnl/flowtable.h b/include/libnftnl/flowtable.h
index 0f8f3252da183d8c799750c77d8cf40cd42ef107..06b06a6f627fdafd6e86f00cadb9162cba600dd6 100644 (file)
--- a/include/libnftnl/flowtable.h
+++ b/include/libnftnl/flowtable.h
@@ -25,6 +25,7 @@ enum nftnl_flowtable_attr {
        NFTNL_FLOWTABLE_PRIO    = 4,
        NFTNL_FLOWTABLE_USE,
        NFTNL_FLOWTABLE_DEVICES,
+       NFTNL_FLOWTABLE_SIZE,
        __NFTNL_FLOWTABLE_MAX
 };
 #define NFTNL_FLOWTABLE_MAX (__NFTNL_FLOWTABLE_MAX - 1)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index ede8c4de9453c612ceafb35ff2bff33e693b8a07..3f725200cb7bf4d596da31785a5b8938feb53ac1 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1328,6 +1328,8 @@ enum nft_object_attributes {
  * @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING)
  * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32)
  * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
+ * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
+ * @NFTA_FLOWTABLE_SIZE: maximum size (NLA_U32)
  */
 enum nft_flowtable_attributes {
        NFTA_FLOWTABLE_UNSPEC,
@@ -1335,6 +1337,9 @@ enum nft_flowtable_attributes {
        NFTA_FLOWTABLE_NAME,
        NFTA_FLOWTABLE_HOOK,
        NFTA_FLOWTABLE_USE,
+       NFTA_FLOWTABLE_HANDLE,
+       NFTA_FLOWTABLE_PAD,
+       NFTA_FLOWTABLE_SIZE,
        __NFTA_FLOWTABLE_MAX
 };
 #define NFTA_FLOWTABLE_MAX     (__NFTA_FLOWTABLE_MAX - 1)

diff --git a/src/flowtable.c b/src/flowtable.c
index 61f18044c49147830527c9234adaecf59d97aa71..b62aa657e79360df92e71d72e601c2135a4bfe4b 100644 (file)
--- a/src/flowtable.c
+++ b/src/flowtable.c
@@ -26,6 +26,7 @@ struct nftnl_flowtable {
        int                     family;
        uint32_t                hooknum;
        int32_t                 prio;
+       uint32_t                size;
        const char              **dev_array;
        uint32_t                dev_array_len;
        uint32_t                use;
@@ -157,6 +158,9 @@ int nftnl_flowtable_set_data(struct nftnl_flowtable *c, uint16_t attr,
 
                c->dev_array_len = len;
                break;
+       case NFTNL_FLOWTABLE_SIZE:
+               memcpy(&c->size, data, sizeof(c->size));
+               break;
        }
        c->flags |= (1 << attr);
        return 0;
@@ -217,6 +221,9 @@ const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c,
                return &c->family;
        case NFTNL_FLOWTABLE_DEVICES:
                return &c->dev_array[0];
+       case NFTNL_FLOWTABLE_SIZE:
+               *data_len = sizeof(int32_t);
+               return &c->size;
        }
        return NULL;
 }
@@ -293,6 +300,8 @@ void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh,
        }
        if (c->flags & (1 << NFTNL_FLOWTABLE_USE))
                mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_USE, htonl(c->use));
+       if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE))
+               mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_SIZE, htonl(c->size));
 }
 EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload);
 
@@ -438,6 +447,10 @@ int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtab
                c->use = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_USE]));
                c->flags |= (1 << NFTNL_FLOWTABLE_USE);
        }
+       if (tb[NFTA_FLOWTABLE_SIZE]) {
+               c->size = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_SIZE]));
+               c->flags |= (1 << NFTNL_FLOWTABLE_SIZE);
+       }
 
        c->family = nfg->nfgen_family;
        c->flags |= (1 << NFTNL_FLOWTABLE_FAMILY);
@@ -504,6 +517,7 @@ static int nftnl_jansson_parse_flowtable(struct nftnl_flowtable *c,
 {
        const char *name, *table, *hooknum_str;
        int32_t family, prio, hooknum;
+       uint32_t size;
        json_t *root;
 
        root = nftnl_jansson_get_node(tree, "flowtable", err);
@@ -536,6 +550,9 @@ static int nftnl_jansson_parse_flowtable(struct nftnl_flowtable *c,
                                               hooknum);
                }
        }
+       if (nftnl_jansson_parse_val(root, "size", NFTNL_TYPE_U32,
+                                   &size, err) == 0)
+               nftnl_flowtable_set_u32(c, NFTNL_FLOWTABLE_SIZE, size);
 
        return 0;
 }
@@ -628,6 +645,8 @@ static int nftnl_flowtable_export(char *buf, size_t size,
                if (c->flags & (1 << NFTNL_FLOWTABLE_PRIO))
                        nftnl_buf_s32(&b, type, c->prio, PRIO);
        }
+       if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE))
+               nftnl_buf_u32(&b, type, c->size, SIZE);
 
        nftnl_buf_close(&b, type, CHAIN);
 
@@ -639,8 +658,8 @@ static int nftnl_flowtable_snprintf_default(char *buf, size_t size,
 {
        int ret, remain = size, offset = 0, i;
 
-       ret = snprintf(buf, remain, "flow table %s %s use %u",
-                      c->table, c->name, c->use);
+       ret = snprintf(buf, remain, "flow table %s %s use %u size %u",
+                      c->table, c->name, c->use, c->size);
        SNPRINTF_BUFFER_SIZE(ret, remain, offset);
 
        if (c->flags & (1 << NFTNL_FLOWTABLE_HOOKNUM)) {