src: support for counter in set definition

This patch allows you to turn on counter for each element in the set. table ip x { set y { typeof ip saddr counter elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 } } chain z { type filter hook output priority filter; policy accept; ip daddr @y } } This example shows how to turn on counters globally in the set 'y'. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2020-03-17 14:50:38 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-03-20 13:13:40 +0100
commit: 6d80e0f154920b5d26aa764459ec0450a8a12b58 (patch)
tree: 97627d1a1935f051b83b8cb11751c92769261456 /src/netlink.c
parent: 6c84577b0d23d1f3fdafb4d74fd5868e891cc6af (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c
index e10af564..b254753f 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -766,6 +766,13 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
 	set->handle.set.name = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME));
 	set->automerge	   = automerge;
 
+	if (nftnl_set_is_set(nls, NFTNL_SET_EXPR)) {
+		const struct nftnl_expr *nle;
+
+		nle = nftnl_set_get(nls, NFTNL_SET_EXPR);
+		set->stmt = netlink_parse_set_expr(set, &ctx->nft->cache, nle);
+	}
+
 	if (datatype) {
 		dtype = set_datatype_alloc(datatype, databyteorder);
 		klen = nftnl_set_get_u32(nls, NFTNL_SET_DATA_LEN) * BITS_PER_BYTE;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2020-03-17 14:50:38 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-03-20 13:13:40 +0100
commit	6d80e0f154920b5d26aa764459ec0450a8a12b58 (patch)
tree	97627d1a1935f051b83b8cb11751c92769261456 /src/netlink.c
parent	6c84577b0d23d1f3fdafb4d74fd5868e891cc6af (diff)