From: Ander Juaristi
Date: Tue, 9 Jul 2019 18:03:52 +0000 (+0200)
Subject: netfilter: support for element deletion
X-Git-Tag: v0.9.3~87
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a87f2a2227be29cc1e91f3301cec963f02aa5178;p=thirdparty%2Fnftables.git
netfilter: support for element deletion
This patch adds support for deleting set elements from within a ruleset.
Example:
table ip set-test {
set testset {
type ipv4_addr;
flags timeout;
}
chain outputchain {
policy accept;
type filter hook output priority filter;
delete @testset { ip saddr }
}
}
Signed-off-by: Ander Juaristi
Signed-off-by: Florian Westphal
---
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 82abaa18..ec153399 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -636,6 +636,7 @@ enum nft_lookup_attributes {
enum nft_dynset_ops {
NFT_DYNSET_OP_ADD,
NFT_DYNSET_OP_UPDATE,
+ NFT_DYNSET_OP_DELETE,
};
enum nft_dynset_flags {
diff --git a/src/parser_bison.y b/src/parser_bison.y
index bff5e274..5fb3a60a 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3134,6 +3134,7 @@ set_stmt : SET set_stmt_op set_elem_expr_stmt symbol_expr
set_stmt_op : ADD { $$ = NFT_DYNSET_OP_ADD; }
| UPDATE { $$ = NFT_DYNSET_OP_UPDATE; }
+ | DELETE { $$ = NFT_DYNSET_OP_DELETE; }
;
map_stmt : set_stmt_op symbol_expr '{' set_elem_expr_stmt COLON set_elem_expr_stmt '}'
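Review bot: Adding DELETE to `set_stmt_op` also widens `map_stmt`, whose rule on the last context line of this hunk begins with the same `set_stmt_op` non-terminal, so `delete @map { key : value }` now parses with NFT_DYNSET_OP_DELETE and a data expression attached. Nothing visible in this commit defines what the value half means for a deletion, or rejects it. If evaluation outside this diff does not already refuse the combination, the statement may be accepted while the value is silently ignored, which is easy to misread when auditing a firewall ruleset. Either reject it in the map statement's evaluation with an explicit error, or give `map_stmt` its own operator non-terminal restricted to ADD and UPDATE. The `map_stmt` rule continues outside the hunk.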
diff --git a/src/statement.c b/src/statement.c
index a9e72de3..12689ee5 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -665,6 +665,7 @@ struct stmt *nat_stmt_alloc(const struct location *loc,
const char * const set_stmt_op_names[] = {
[NFT_DYNSET_OP_ADD] = "add",
[NFT_DYNSET_OP_UPDATE] = "update",
+ [NFT_DYNSET_OP_DELETE] = "delete",
};
static void set_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
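Review bot: `set_stmt_op_names[]` is sized only by its highest designated initializer, so after this change any op value above NFT_DYNSET_OP_DELETE still indexes past the end of the table. If `set_stmt_print` (its body is outside this hunk) indexes the array directly with an op read back from the kernel, a ruleset using an operation this build does not know would cause an out-of-bounds read. That is presumably what listing a `delete` statement did before this entry existed. Consider a bounds-checked lookup with a fallback string where the name is printed, e.g. `op < sizeof(set_stmt_op_names) / sizeof(set_stmt_op_names[0]) ? set_stmt_op_names[op] : "unknown"`. The array has external linkage, so any other user of it would need the same check.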