author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-11 17:19:20 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-12 19:37:38 +0200 |
commit | 1c18c3c167812cd63d6e33ed6985e35c8aa3c775 (patch) | |
tree | 7a090e9a302e657368f49f547790f2143e5a926b | |
parent | bbbed9f3175c5260332ae7e6800b3a6791418fd2 (diff) |
src: add dynamic flag and use it
We need to signal the kernel to use a set backend that supports dynamic
updates.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/parser_bison.y | 2 | ||||
-rw-r--r-- | src/scanner.l | 1 | ||||
-rwxr-xr-x | tests/shell/testcases/sets/0028autoselect_0 | 6 | ||||
-rwxr-xr-x | tests/shell/testcases/sets/0031set_timeout_size_0 | 2 |
4 files changed, 7 insertions, 4 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 33915ed8..98bfebad 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -242,6 +242,7 @@ int nft_lex(void *, void *, void *);
 %token CONSTANT "constant"
 %token INTERVAL "interval"
+%token DYNAMIC "dynamic"
 %token AUTOMERGE "auto-merge"
 %token TIMEOUT "timeout"
 %token GC_INTERVAL "gc-interval"
@@ -1541,6 +1542,7 @@ set_flag_list : set_flag_list COMMA set_flag
 set_flag : CONSTANT { $$ = NFT_SET_CONSTANT; }
 | INTERVAL { $$ = NFT_SET_INTERVAL; }
 | TIMEOUT { $$ = NFT_SET_TIMEOUT; }
+ | DYNAMIC { $$ = NFT_SET_EVAL; }
 ;
 map_block_alloc : /* empty */
diff --git a/src/scanner.l b/src/scanner.l
index 416bd27a..657fa2da 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -293,6 +293,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
 "constant" { return CONSTANT; }
 "interval" { return INTERVAL; }
+"dynamic" { return DYNAMIC; }
 "auto-merge" { return AUTOMERGE; }
 "timeout" { return TIMEOUT; }
 "gc-interval" { return GC_INTERVAL; }
diff --git a/tests/shell/testcases/sets/0028autoselect_0 b/tests/shell/testcases/sets/0028autoselect_0
index 71174337..23f43a22 100755
--- a/tests/shell/testcases/sets/0028autoselect_0
+++ b/tests/shell/testcases/sets/0028autoselect_0
@@ -7,9 +7,9 @@ set -e
 $NFT add table t
-$NFT add set t s1 { type inet_proto \; }
-$NFT add set t s2 { type ipv4_addr \; }
-$NFT add set t s3 { type ipv4_addr \; size 1024\; }
+$NFT add set t s1 { type inet_proto \; flags dynamic \; }
+$NFT add set t s2 { type ipv4_addr \; flags dynamic \; }
+$NFT add set t s3 { type ipv4_addr \; size 1024\; flags dynamic \; }
 $NFT add chain t c {type filter hook input priority 0 \; }
 $NFT add rule t c meta iifname foobar add @s1 { ip protocol }
diff --git a/tests/shell/testcases/sets/0031set_timeout_size_0 b/tests/shell/testcases/sets/0031set_timeout_size_0
index f1d9aa60..9edd5f6f 100755
--- a/tests/shell/testcases/sets/0031set_timeout_size_0
+++ b/tests/shell/testcases/sets/0031set_timeout_size_0
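Review bot: In `set_flag` in src/parser_bison.y the new alternative makes `flags dynamic` parseable, but the diffstat shows no change to the code that prints set flags or to the documentation. If the printer does not already emit a keyword for `NFT_SET_EVAL`, a set created with this flag would be listed without it, and a ruleset saved from that listing would reload with a different backend selection than the running one. I would add the matching output next to `constant`, `interval` and `timeout`, document the flag, and put a comment on the alternative because the keyword and the kernel flag are named differently: `/* "dynamic" maps to NFT_SET_EVAL: set is updated from the packet path */`.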
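Review bot: The `"dynamic"` rule in src/scanner.l is added next to `"constant"` and `"interval"` with no start condition visible, so `dynamic` becomes a keyword wherever it appears in the input. An existing ruleset that uses `dynamic` as a table, chain or set name would presumably stop parsing after the upgrade, and for a firewall a ruleset that fails to load is a ruleset that is not enforced. Whether the identifier rules accept keyword tokens is outside this hunk; if they do not, a shell test that loads an object named `dynamic` and a line in the release notes would make the incompatibility explicit.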
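Review bot: Every set in tests/shell/testcases/sets/0028autoselect_0 now carries `flags dynamic` (and likewise set `y` in 0031set_timeout_size_0), so nothing in these hunks exercises a set without the flag being updated from a rule such as `add @s1 { ip protocol }`. The commit message says the flag is what tells the kernel to pick a backend supporting dynamic updates, so the no-flag case is the one users will hit when they upgrade with an existing ruleset. A companion test pinning that outcome (rejected, or still accepted) would document the intended behaviour. The script starts before the hunk and may continue past it, so an existing check there could already cover part of this.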
@@ -1,7 +1,7 @@
 #!/bin/bash
 RULESET="add table x
-add set x y { type ipv4_addr; size 128; timeout 30s; }
+add set x y { type ipv4_addr; size 128; timeout 30s; flags dynamic; }
 add chain x test
 add rule x test set update ip saddr timeout 1d2h3m4s8ms @y
 add rule x test set update ip daddr timeout 100ms @y" |