diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-17 14:50:38 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-20 13:13:40 +0100 |
commit | 6d80e0f154920b5d26aa764459ec0450a8a12b58 (patch) | |
tree | 97627d1a1935f051b83b8cb11751c92769261456 /src/evaluate.c | |
parent | 6c84577b0d23d1f3fdafb4d74fd5868e891cc6af (diff) |
src: support for counter in set definition
This patch allows you to turn on counter for each element in the set.
table ip x {
set y {
typeof ip saddr
counter
elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 }
}
chain z {
type filter hook output priority filter; policy accept;
ip daddr @y
}
}
This example shows how to turn on counters globally in the set 'y'.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index d0e712dc..6325f52e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1307,8 +1307,17 @@ static int expr_evaluate_list(struct eval_ctx *ctx, struct expr **expr) static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr) { + struct set *set = ctx->set; struct expr *elem = *expr; + if (elem->stmt && set->stmt && set->stmt->ops != elem->stmt->ops) + return stmt_binary_error(ctx, set->stmt, elem, + "statement mismatch, element expects %s, " + "%s has type %s", + elem->stmt->ops->name, + set_is_map(set->flags) ? "map" : "set", + set->stmt->ops->name); + if (expr_evaluate(ctx, &elem->key) < 0) return -1; |