[PATCH nft] src: add support for flowtable counter

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Thu, 26 Mar 2020 15:08:16 +0100

Allow users to enable flow counters via control plane toggle, e.g.

 table ip x {
	flowtable y {
		hook ingress priority 0;
		counter;
	}

	chain z {
		type filter hook ingress priority filter;
		flow add @z
	}
 }

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/rule.h     | 1 +
 src/mnl.c          | 3 +++
 src/netlink.c      | 2 ++
 src/parser_bison.y | 4 ++++
 src/rule.c         | 4 ++++
 5 files changed, 14 insertions(+)

diff --git a/include/rule.h b/include/rule.h
index 70c8c4cf7b43..db11b1d60658 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -491,6 +491,7 @@ struct flowtable {
 	const char		**dev_array;
 	struct expr		*dev_expr;
 	int			dev_array_len;
+	uint32_t		flags;
 	unsigned int		refcnt;
 };
 
diff --git a/src/mnl.c b/src/mnl.c
index 18a73e2878b6..2eea85e838fc 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1629,6 +1629,9 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd,
 
 	free(dev_array);
 
+	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS,
+				cmd->flowtable->flags);
+
 	netlink_dump_flowtable(flo, ctx);
 
 	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
diff --git a/src/netlink.c b/src/netlink.c
index b254753f7424..ab1afd42f60b 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1342,6 +1342,8 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
 						    &priority);
 	flowtable->hooknum =
 		nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM);
+	flowtable->flags =
+		nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_FLAGS);
 
 	return flowtable;
 }
diff --git a/src/parser_bison.y b/src/parser_bison.y
index e14118ca971e..605eef53e544 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1892,6 +1892,10 @@ flowtable_block		:	/* empty */	{ $$ = $<flowtable>-1; }
 			{
 				$$->dev_expr = $4;
 			}
+			|	COUNTER
+			{
+				$$->flags |= NFT_FLOWTABLE_COUNTER;
+			}
 			;
 
 flowtable_expr		:	'{'	flowtable_list_expr	'}'
diff --git a/src/rule.c b/src/rule.c
index ab99bbd22616..92fa129be077 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2247,6 +2247,10 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
 			nft_print(octx, ", ");
 	}
 	nft_print(octx, " }%s", opts->stmt_separator);
+
+	if (flowtable->flags & NFT_FLOWTABLE_COUNTER)
+		nft_print(octx, "%s%scounter%s", opts->tab, opts->tab,
+			  opts->stmt_separator);
 }
 
 static void do_flowtable_print(const struct flowtable *flowtable,
-- 
2.11.0







