diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-17 14:50:38 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-20 13:13:40 +0100 |
| commit | 6d80e0f154920b5d26aa764459ec0450a8a12b58 (patch) | |
| tree | 97627d1a1935f051b83b8cb11751c92769261456 /src/rule.c | |
| parent | 6c84577b0d23d1f3fdafb4d74fd5868e891cc6af (diff) | |
src: support for counter in set definition
This patch allows you to turn on counter for each element in the set.
table ip x {
set y {
typeof ip saddr
counter
elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 }
}
chain z {
type filter hook output priority filter; policy accept;
ip daddr @y
}
}
This example shows how to turn on counters globally in the set 'y'.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
| -rw-r--r-- | src/rule.c | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -355,6 +355,7 @@ void set_free(struct set *set) if (set->init != NULL) expr_free(set->init); handle_free(&set->handle); + stmt_free(set->stmt); expr_free(set->key); expr_free(set->data); xfree(set); @@ -544,6 +545,15 @@ static void set_print_declaration(const struct set *set, } nft_print(octx, "%s", opts->stmt_separator); } + + if (set->stmt) { + nft_print(octx, "%s%s", opts->tab, opts->tab); + octx->flags |= NFT_CTX_OUTPUT_STATELESS; + stmt_print(set->stmt, octx); + octx->flags &= ~NFT_CTX_OUTPUT_STATELESS; + nft_print(octx, "%s", opts->stmt_separator); + } + if (set->automerge) nft_print(octx, "%s%sauto-merge%s", opts->tab, opts->tab, opts->stmt_separator); |