author | Patrick McHardy <kaber@trash.net> | 2015-03-19 13:34:18 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2015-04-12 21:02:38 +0100 |
commit | a9467e55973b10c2e8fe37525514c961580f8506 (patch) | |
tree | d522421a374cc5facc7cea20107e4fe0fbc337e7 /src/netlink_linearize.c | |
parent | 35960e1e19bfe9135e33f13615d7d403d129192b (diff) |
nftables: add set statemet
The set statement is used to dynamically add or update elements in a set.
Syntax:
# nft filter input set add tcp dport @myset
# nft filter input set add ip saddr timeout 10s @myset
# nft filter input set update ip saddr timeout 10s @myset
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index d1414c14..09ba2eff 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -800,6 +800,28 @@ static void netlink_gen_ct_stmt(struct netlink_linearize_ctx *ctx,
 nft_rule_add_expr(ctx->nlr, nle);
 }
 
+static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
+ const struct stmt *stmt)
+{
+ struct nft_rule_expr *nle;
+ enum nft_registers sreg_key;
+
+ sreg_key = get_register(ctx);
+ netlink_gen_expr(ctx, stmt->set.key, sreg_key);
+ release_register(ctx);
+
+ nle = alloc_nft_expr("dynset");
+ netlink_put_register(nle, NFT_EXPR_DYNSET_SREG_KEY, sreg_key);
+ nft_rule_expr_set_u64(nle, NFT_EXPR_DYNSET_TIMEOUT,
+ stmt->set.key->timeout);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_DYNSET_OP, stmt->set.op);
+ nft_rule_expr_set_str(nle, NFT_EXPR_DYNSET_SET_NAME,
+ stmt->set.set->set->handle.set);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_DYNSET_SET_ID,
+ stmt->set.set->set->handle.set_id);
+ nft_rule_add_expr(ctx->nlr, nle);
+}
+
 static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
 const struct stmt *stmt)
 {
@@ -828,6 +850,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
 return netlink_gen_queue_stmt(ctx, stmt);
 case STMT_CT:
 return netlink_gen_ct_stmt(ctx, stmt);
+ case STMT_SET:
+ return netlink_gen_set_stmt(ctx, stmt);
 default:
 BUG("unknown statement type %s\n", stmt->ops->name);
 } |
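Review bot: netlink_gen_set_stmt writes NFT_EXPR_DYNSET_TIMEOUT unconditionally from `stmt->set.key->timeout`, so a statement with no timeout (the first syntax example in the commit message) still sets the attribute, presumably to zero. If the library serialises every attribute that has been set, the kernel receives an explicit timeout and may treat it differently from an absent one, for instance by rejecting it for a set created without timeout support; this should be confirmed against the dynset expression's init path. Guarding the call with `if (stmt->set.key->timeout > 0)` before `nft_rule_expr_set_u64(nle, NFT_EXPR_DYNSET_TIMEOUT, ...)` keeps the attribute out of the message in that case. A short comment on the function would also help, noting that elements added from packet fields without a timeout do not expire on their own, so the target set's growth depends on whatever size limit the set itself has.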