netfilter: support for element deletion

This patch implements element deletion from ruleset. Example: table ip set-test { set testset { type ipv4_addr; flags timeout; } chain outputchain { policy accept; type filter hook output priority filter; delete @testset { ip saddr } } } Signed-off-by: Ander Juaristi <a@juaristi.eus> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Ander Juaristi <a@juaristi.eus> 2019-07-09 20:03:52 +0200
committer: Florian Westphal <fw@strlen.de> 2019-08-29 11:10:47 +0200
commit: a87f2a2227be29cc1e91f3301cec963f02aa5178 (patch)
tree: 9d0b62596a2f04e4cfcae8f6b09ce15590082ec7 /src
parent: 03478af1bea03eafd43df94334cb001ed26145a3 (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index bff5e274..5fb3a60a 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3134,6 +3134,7 @@ set_stmt		:	SET	set_stmt_op	set_elem_expr_stmt	symbol_expr
 
 set_stmt_op		:	ADD	{ $$ = NFT_DYNSET_OP_ADD; }
 			|	UPDATE	{ $$ = NFT_DYNSET_OP_UPDATE; }
+			|	DELETE  { $$ = NFT_DYNSET_OP_DELETE; }
 			;
 
 map_stmt		:	set_stmt_op	symbol_expr '{'	set_elem_expr_stmt	COLON	set_elem_expr_stmt	'}'
diff --git a/src/statement.c b/src/statement.c
index a9e72de3..12689ee5 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -665,6 +665,7 @@ struct stmt *nat_stmt_alloc(const struct location *loc,
 const char * const set_stmt_op_names[] = {
 	[NFT_DYNSET_OP_ADD]	= "add",
 	[NFT_DYNSET_OP_UPDATE]	= "update",
+	[NFT_DYNSET_OP_DELETE]  = "delete",
 };
 
 static void set_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
author	Ander Juaristi <a@juaristi.eus>	2019-07-09 20:03:52 +0200
committer	Florian Westphal <fw@strlen.de>	2019-08-29 11:10:47 +0200
commit	a87f2a2227be29cc1e91f3301cec963f02aa5178 (patch)
tree	9d0b62596a2f04e4cfcae8f6b09ce15590082ec7 /src
parent	03478af1bea03eafd43df94334cb001ed26145a3 (diff)