From a9467e55973b10c2e8fe37525514c961580f8506 Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Thu, 19 Mar 2015 13:34:18 +0000
Subject: nftables: add set statemet

The set statement is used to dynamically add or update elements in a set.

Syntax:

# nft filter input set add tcp dport @myset
# nft filter input set add ip saddr timeout 10s @myset
# nft filter input set update ip saddr timeout 10s @myset

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 src/statement.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'src/statement.c')

diff --git a/src/statement.c b/src/statement.c
index d72c6e9b..9ebc5938 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -377,3 +377,34 @@ struct stmt *redir_stmt_alloc(const struct location *loc)
 {
 	return stmt_alloc(loc, &redir_stmt_ops);
 }
+
+static const char * const set_stmt_op_names[] = {
+	[NFT_DYNSET_OP_ADD]	= "add",
+	[NFT_DYNSET_OP_UPDATE]	= "update",
+};
+
+static void set_stmt_print(const struct stmt *stmt)
+{
+	printf("set %s ", set_stmt_op_names[stmt->set.op]);
+	expr_print(stmt->set.key);
+	printf(" ");
+	expr_print(stmt->set.set);
+}
+
+static void set_stmt_destroy(struct stmt *stmt)
+{
+	expr_free(stmt->set.key);
+	expr_free(stmt->set.set);
+}
+
+static const struct stmt_ops set_stmt_ops = {
+	.type		= STMT_SET,
+	.name		= "set",
+	.print		= set_stmt_print,
+	.destroy	= set_stmt_destroy,
+};
+
+struct stmt *set_stmt_alloc(const struct location *loc)
+{
+	return stmt_alloc(loc, &set_stmt_ops);
+}
-- 
cgit v1.2.3