The idea of fanout option is to improve the performance by indexing CPU ID to map packets to the queues. This is used for load balancing. Fanout option is not required when there is a single queue specified. According to iptables, queue balance should be specified in order to use fanout, following that, throw an error in nftables if the range of queues for load balancing is not specified with the fanout option. Signed-off-by: Shivani Bhardwaj <shivanib134@xxxxxxxxx> --- src/evaluate.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/evaluate.c b/src/evaluate.c index 473f014..f3fe13d 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2000,6 +2000,11 @@ static int stmt_evaluate_queue(struct eval_ctx *ctx, struct stmt *stmt) if (!expr_is_constant(stmt->queue.queue)) return expr_error(ctx->msgs, stmt->queue.queue, "queue number is not constant"); + if (stmt->queue.queue->ops->type != EXPR_RANGE && + (stmt->queue.flags & NFT_QUEUE_FLAG_CPU_FANOUT)) + return expr_error(ctx->msgs, stmt->queue.queue, + "fanout requires queue num range" + " to be specified"); } return 0; } -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
