From 92911b362e9067a9a335ac1a63e15119fb69a47d Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 18 Jan 2018 08:43:23 +0100
Subject: src: add support to add flowtables

This patch allows you to create flowtable:

 # nft add table x
 # nft add flowtable x m { hook ingress priority 10\; devices = { eth0, wlan0 }\; }

You have to specify hook and priority. So far, only the ingress hook is
supported. The priority represents where this flowtable is placed in the
ingress hook, which is registered to the devices that the user
specifies.

You can also use the 'create' command instead to bail out in case that
there is an existing flowtable with this name.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/scanner.l | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/scanner.l')

diff --git a/src/scanner.l b/src/scanner.l
index 3ea33b09..79dccda2 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -240,6 +240,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 
 "hook"			{ return HOOK; }
 "device"		{ return DEVICE; }
+"devices"		{ return DEVICES; }
 "table"			{ return TABLE; }
 "tables"		{ return TABLES; }
 "chain"			{ return CHAIN; }
@@ -251,6 +252,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "element"		{ return ELEMENT; }
 "map"			{ return MAP; }
 "maps"			{ return MAPS; }
+"flowtable"		{ return FLOWTABLE; }
 "handle"		{ return HANDLE; }
 "ruleset"		{ return RULESET; }
 "trace"			{ return TRACE; }
-- 
cgit v1.2.3