src: update dynamic set updates from packet path syntax

New prefered syntax is:

	{add,update} set { key } @name

 # nft list ruleset
 table ip x {
        set y {
                type ipv4_addr
        }

        chain y {
                ip protocol tcp add set { ip saddr} @y
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 6fba7e59555ca07242b56405688dc1e157bd54be..e5573a208d45374fada6e9a13155fd9e7cfe9b3a 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2713,6 +2713,13 @@ set_stmt         :       SET     set_stmt_op     set_elem_expr_stmt      symbol_expr
                                $$->set.key = $3;
                                $$->set.set = $4;
                        }
+                       |       set_stmt_op     SET     '{' set_elem_expr_stmt  '}' symbol_expr
+                       {
+                               $$ = set_stmt_alloc(&@$);
+                               $$->set.op  = $1;
+                               $$->set.key = $4;
+                               $$->set.set = $6;
+                       }
                        ;
 
 set_stmt_op            :       ADD     { $$ = NFT_DYNSET_OP_ADD; }

diff --git a/src/statement.c b/src/statement.c
index 61ba643becc3613dd5e89e7ac9af13f0ca4ffa0d..41fa24f1d4df0cf0b11b515784e5f30d03b8004a 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -615,9 +615,9 @@ static const char * const set_stmt_op_names[] = {
 
 static void set_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 {
-       nft_print(octx, "set %s ", set_stmt_op_names[stmt->set.op]);
+       nft_print(octx, "%s set { ", set_stmt_op_names[stmt->set.op]);
        expr_print(stmt->set.key, octx);
-       nft_print(octx, " ");
+       nft_print(octx, "} ");
        expr_print(stmt->set.set, octx);
 }