From a87f2a2227be29cc1e91f3301cec963f02aa5178 Mon Sep 17 00:00:00 2001
From: Ander Juaristi <a@juaristi.eus>
Date: Tue, 9 Jul 2019 20:03:52 +0200
Subject: netfilter: support for element deletion

This patch implements element deletion from ruleset.

Example:

	table ip set-test {
		set testset {
			type ipv4_addr;
			flags timeout;
		}

		chain outputchain {
			policy accept;
			type filter hook output priority filter;

			delete @testset { ip saddr }
		}
	}

Signed-off-by: Ander Juaristi <a@juaristi.eus>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/parser_bison.y | 1 +
 src/statement.c    | 1 +
 2 files changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/parser_bison.y b/src/parser_bison.y
index bff5e274..5fb3a60a 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3134,6 +3134,7 @@ set_stmt		:	SET	set_stmt_op	set_elem_expr_stmt	symbol_expr
 
 set_stmt_op		:	ADD	{ $$ = NFT_DYNSET_OP_ADD; }
 			|	UPDATE	{ $$ = NFT_DYNSET_OP_UPDATE; }
+			|	DELETE  { $$ = NFT_DYNSET_OP_DELETE; }
 			;
 
 map_stmt		:	set_stmt_op	symbol_expr '{'	set_elem_expr_stmt	COLON	set_elem_expr_stmt	'}'
diff --git a/src/statement.c b/src/statement.c
index a9e72de3..12689ee5 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -665,6 +665,7 @@ struct stmt *nat_stmt_alloc(const struct location *loc,
 const char * const set_stmt_op_names[] = {
 	[NFT_DYNSET_OP_ADD]	= "add",
 	[NFT_DYNSET_OP_UPDATE]	= "update",
+	[NFT_DYNSET_OP_DELETE]  = "delete",
 };
 
 static void set_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
-- 
cgit v1.2.3