src: revisit syntax to update sets and maps from packet path

For sets, we allow this:

	nft add rule x y ip protocol tcp update @y { ip saddr}

For maps:

table ip nftlb {
        map persistencia {
            type ipv4_addr : mark
            timeout 1h
            elements = { 192.168.1.132 expires 59m55s : 0x00000064,
                         192.168.56.101 expires 59m24s : 0x00000065 }
        }

        chain pre {
            type nat hook prerouting priority 0; policy accept;
            update @persistencia \
                { @nh,96,32 : numgen inc mod 2 offset 100 }
        }
    }

nft --debug=netlink add rule ip nftlb pre add @persistencia \
        { ip saddr : numgen inc mod 2 offset 100 }

More compact and it doesn't gets it confused with a simple map update
command (interesting that bison didn't spew any conflict error).

Former syntax for sets is preserved.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 9 insertions, 2 deletions

diff --git a/src/parser_bison.y b/src/parser_bison.y
index bdf2fb49..9c143832 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2713,18 +2713,25 @@ set_stmt		:	SET	set_stmt_op	set_elem_expr_stmt	symbol_expr
 				$$->set.key = $3;
 				$$->set.set = $4;
 			}
+			|	set_stmt_op	symbol_expr	'{' set_elem_expr_stmt	'}'
+			{
+				$$ = set_stmt_alloc(&@$);
+				$$->set.op  = $1;
+				$$->set.key = $4;
+				$$->set.set = $2;
+			}
 			;
 
 set_stmt_op		:	ADD	{ $$ = NFT_DYNSET_OP_ADD; }
 			|	UPDATE	{ $$ = NFT_DYNSET_OP_UPDATE; }
 			;
 
-map_stmt		:	set_stmt_op	MAP '{'	set_elem_expr_stmt	COLON	set_elem_expr_stmt	'}'	symbol_expr
+map_stmt		:	set_stmt_op	symbol_expr '{'	set_elem_expr_stmt	COLON	set_elem_expr_stmt	'}'
 			{
 				$$ = map_stmt_alloc(&@$);
 				$$->map.op  = $1;
 				$$->map.map = map_expr_alloc(&@$, $4, $6);
-				$$->map.set = $8;
+				$$->map.set = $2;
 			}
 			;