diff options
| author | Laura Garcia Liebana <nevola@gmail.com> | 2018-03-15 09:23:21 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-15 19:45:46 +0100 |
| commit | c5ecdbf752ce0505a6696489d6df03b88cb56b0a (patch) | |
| tree | cee0c7a805e7b9bc0aed7d7968260b83a48e2ab2 /include | |
| parent | 71f755e54f034a048fdc0174b4309f1a6bde33d5 (diff) | |
src: support of dynamic map addition and update of elements
The support of dynamic adds and updates are only available for sets
and meters. This patch gives such abilities to maps as well.
This patch is useful in cases where dynamic population of maps are
required, for example, to maintain a persistence during some period
of time.
Example:
table ip nftlb {
map persistencia {
type ipv4_addr : mark
timeout 1h
elements = { 192.168.1.132 expires 59m55s : 0x00000064,
192.168.56.101 expires 59m24s : 0x00000065 }
}
chain pre {
type nat hook prerouting priority 0; policy accept;
map update \
{ @nh,96,32 : numgen inc mod 2 offset 100 } @persistencia
}
}
An example of the netlink generated sequence:
nft --debug=netlink add rule ip nftlb pre map add \
{ ip saddr : numgen inc mod 2 offset 100 } @persistencia
ip nftlb pre
[ payload load 4b @ network header + 12 => reg 1 ]
[ numgen reg 2 = inc mod 2 offset 100 ]
[ dynset add reg_key 1 set persistencia sreg_data 2 ]
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/statement.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/statement.h b/include/statement.h index 27c73567..bb4af9d3 100644 --- a/include/statement.h +++ b/include/statement.h @@ -171,6 +171,14 @@ struct set_stmt { extern struct stmt *set_stmt_alloc(const struct location *loc); +struct map_stmt { + struct expr *set; + struct expr *map; + enum nft_dynset_ops op; +}; + +extern struct stmt *map_stmt_alloc(const struct location *loc); + struct meter_stmt { struct expr *set; struct expr *key; @@ -238,6 +246,7 @@ extern struct stmt *xt_stmt_alloc(const struct location *loc); * @STMT_OBJREF: stateful object reference statement * @STMT_EXTHDR: extension header statement * @STMT_FLOW_OFFLOAD: flow offload statement + * @STMT_MAP: map statement */ enum stmt_types { STMT_INVALID, @@ -264,6 +273,7 @@ enum stmt_types { STMT_OBJREF, STMT_EXTHDR, STMT_FLOW_OFFLOAD, + STMT_MAP, }; /** @@ -325,6 +335,7 @@ struct stmt { struct xt_stmt xt; struct objref_stmt objref; struct flow_stmt flow; + struct map_stmt map; }; }; |