From a9467e55973b10c2e8fe37525514c961580f8506 Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Thu, 19 Mar 2015 13:34:18 +0000
Subject: nftables: add set statemet

The set statement is used to dynamically add or update elements in a set.

Syntax:

# nft filter input set add tcp dport @myset
# nft filter input set add ip saddr timeout 10s @myset
# nft filter input set update ip saddr timeout 10s @myset

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 include/statement.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'include/statement.h')

diff --git a/include/statement.h b/include/statement.h
index d1431215..48e61307 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -104,6 +104,14 @@ extern struct stmt *ct_stmt_alloc(const struct location *loc,
 				  enum nft_ct_keys key,
 				  struct expr *expr);
 
+struct set_stmt {
+	struct expr		*set;
+	struct expr		*key;
+	enum nft_dynset_ops	op;
+};
+
+extern struct stmt *set_stmt_alloc(const struct location *loc);
+
 /**
  * enum stmt_types - statement types
  *
@@ -120,6 +128,7 @@ extern struct stmt *ct_stmt_alloc(const struct location *loc,
  * @STMT_REDIR:		redirect statement
  * @STMT_QUEUE:		QUEUE statement
  * @STMT_CT:		conntrack statement
+ * @STMT_SET:		set statement
  */
 enum stmt_types {
 	STMT_INVALID,
@@ -135,6 +144,7 @@ enum stmt_types {
 	STMT_REDIR,
 	STMT_QUEUE,
 	STMT_CT,
+	STMT_SET,
 };
 
 /**
@@ -184,6 +194,7 @@ struct stmt {
 		struct redir_stmt	redir;
 		struct queue_stmt	queue;
 		struct ct_stmt		ct;
+		struct set_stmt		set;
 	};
 };
 
-- 
cgit v1.2.3