author | Patrick McHardy <kaber@trash.net> | 2015-03-19 13:34:18 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2015-04-12 21:02:38 +0100 |
commit | a9467e55973b10c2e8fe37525514c961580f8506 (patch) | |
tree | d522421a374cc5facc7cea20107e4fe0fbc337e7 /src/statement.c | |
parent | 35960e1e19bfe9135e33f13615d7d403d129192b (diff) |
nftables: add set statemet
The set statement is used to dynamically add or update elements in a set.
Syntax:
# nft filter input set add tcp dport @myset
# nft filter input set add ip saddr timeout 10s @myset
# nft filter input set update ip saddr timeout 10s @myset
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/statement.c b/src/statement.c
index d72c6e9b..9ebc5938 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -377,3 +377,34 @@ struct stmt *redir_stmt_alloc(const struct location *loc)
 {
 return stmt_alloc(loc, &redir_stmt_ops);
 }
+
+static const char * const set_stmt_op_names[] = {
+ [NFT_DYNSET_OP_ADD] = "add",
+ [NFT_DYNSET_OP_UPDATE] = "update",
+};
+
+static void set_stmt_print(const struct stmt *stmt)
+{
+ printf("set %s ", set_stmt_op_names[stmt->set.op]);
+ expr_print(stmt->set.key);
+ printf(" ");
+ expr_print(stmt->set.set);
+}
+
+static void set_stmt_destroy(struct stmt *stmt)
+{
+ expr_free(stmt->set.key);
+ expr_free(stmt->set.set);
+}
+
+static const struct stmt_ops set_stmt_ops = {
+ .type = STMT_SET,
+ .name = "set",
+ .print = set_stmt_print,
+ .destroy = set_stmt_destroy,
+};
+
+struct stmt *set_stmt_alloc(const struct location *loc)
+{
+ return stmt_alloc(loc, &set_stmt_ops);
+}
 |
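Review bot: `set_stmt_print` uses `stmt->set.op` as a direct index into `set_stmt_op_names` with no range check, so any value other than the two designated entries reads past the array or passes a NULL pointer to `%s`. Where `set.op` is assigned is not visible in this hunk; if it can be filled from a ruleset read back from the kernel rather than only by the parser, the print path should not trust it. A guard before the first `printf` would cover both cases, e.g. `const char *op = (size_t)stmt->set.op < sizeof(set_stmt_op_names) / sizeof(set_stmt_op_names[0]) ? set_stmt_op_names[stmt->set.op] : NULL;` followed by `printf("set %s ", op ? op : "unknown");`. A short comment on the table saying that it is indexed by the `NFT_DYNSET_OP_*` values would also help whoever adds the next operation.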