author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-07-20 12:17:33 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-07-20 17:47:55 +0200 |
commit | 9edaa6a51eab49a378dd358e0b4254d0398c629f (patch) | |
tree | cb44b02953b6672d4239ec6f97c3d59de5d6cb10 /include | |
parent | 640dc0c8a3daef65cd93868939b5a2877615f2d5 (diff) |
src: add --define key=value
This patch adds a new option to define variables from the command line.
# cat test.nft
table netdev x {
chain y {
type filter hook ingress devices = $dev priority 0;
counter accept
}
}
# nft --define dev="{ eth0, eth1 }" -f test.nft
You can only combine it with -f/--filename.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/nftables.h | 11 | ||||
-rw-r--r-- | include/nftables/libnftables.h | 2 |
2 files changed, 13 insertions, 0 deletions
diff --git a/include/nftables.h b/include/nftables.h
index f239fcf0..7b633905 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -100,12 +100,23 @@ struct mnl_socket;
 struct parser_state;
 struct scope;
+struct nft_vars {
+ const char *key;
+ const char *value;
+};
+
 #define MAX_INCLUDE_DEPTH 16
 struct nft_ctx {
 struct mnl_socket *nf_sock;
 char **include_paths;
 unsigned int num_include_paths;
+ struct nft_vars *vars;
+ struct {
+ const char *buf;
+ struct list_head indesc_list;
+ } vars_ctx;
+ unsigned int num_vars;
 unsigned int parser_max_errors;
 unsigned int debug_mask;
 struct output_ctx output;
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 765b20dd..aaf7388e 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -78,6 +78,8 @@ const char *nft_ctx_get_error_buffer(struct nft_ctx *ctx);
 int nft_ctx_add_include_path(struct nft_ctx *ctx, const char *path);
 void nft_ctx_clear_include_paths(struct nft_ctx *ctx);
+int nft_ctx_add_var(struct nft_ctx *ctx, const char *var);
+
 int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf);
 int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename); |
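Review bot: The new `struct nft_vars` in include/nftables.h holds `key` and `value` as bare `const char *` with no statement of who owns the strings, and this include-only diff does not show whether `nft_ctx_add_var()` copies its argument or keeps pointers into it. If the pointers are borrowed, a library caller that frees or reuses its buffer while the context is still alive would leave `ctx->vars` dangling. A one-line comment above the struct would settle this, for example `/* key and value point into storage owned by <owner>; valid until <event> */`, with the placeholders filled in from the implementation. The same goes for `vars_ctx.buf`, whose purpose is not evident from the declaration. As a style point, `num_vars` would read better directly after `vars`, mirroring `include_paths` and `num_include_paths`. The body of `struct nft_ctx` continues past the end of the hunk.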
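Review bot: `nft_ctx_add_var()` enters the public libnftables.h API with no comment on the expected form of `var`, its return convention, or whether the string is copied. The commit message shows the value being expanded as ruleset syntax (`dev="{ eth0, eth1 }"`), so an application that forwards externally supplied text as a value is presumably letting that text shape the loaded ruleset. The declaration should say so, for example `/* var is "key=value"; the value is expanded as ruleset text, so pass only trusted input */`, and state the return convention once confirmed against the implementation. Unlike the `nft_ctx_add_include_path()` / `nft_ctx_clear_include_paths()` pair just above, no clear counterpart is declared in this hunk. A long-lived context therefore appears to have no way to drop definitions between runs.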