diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-16 10:14:47 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-16 12:02:11 +0100 |
commit | e7395266640aed088e312ca1da3c147b64059988 (patch) | |
tree | 0ff60c8670ee5a1a4928cc81eb281426de01b387 /tests/shell/testcases/sets/dumps/0021nesting_0.nft | |
parent | 6c15ee2bab56cabb678cbd46cebd25703c363ab2 (diff) |
src: revisit syntax to update sets and maps from packet path
For sets, we allow this:
nft add rule x y ip protocol tcp update @y { ip saddr}
For maps:
table ip nftlb {
map persistencia {
type ipv4_addr : mark
timeout 1h
elements = { 192.168.1.132 expires 59m55s : 0x00000064,
192.168.56.101 expires 59m24s : 0x00000065 }
}
chain pre {
type nat hook prerouting priority 0; policy accept;
update @persistencia \
{ @nh,96,32 : numgen inc mod 2 offset 100 }
}
}
nft --debug=netlink add rule ip nftlb pre add @persistencia \
{ ip saddr : numgen inc mod 2 offset 100 }
More compact and it doesn't gets it confused with a simple map update
command (interesting that bison didn't spew any conflict error).
Former syntax for sets is preserved.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/sets/dumps/0021nesting_0.nft')
0 files changed, 0 insertions, 0 deletions