This patch implements element deletion from ruleset.
Example:
table ip set-test {
set testset {
type ipv4_addr;
flags timeout;
}
chain outputchain {
policy accept;
type filter hook output priority filter;
delete @testset { ip saddr }
}
}
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Signed-off-by: Florian Westphal <fw@strlen.de>
enum nft_dynset_ops {
NFT_DYNSET_OP_ADD,
NFT_DYNSET_OP_UPDATE,
+ NFT_DYNSET_OP_DELETE,
};
enum nft_dynset_flags {
set_stmt_op : ADD { $$ = NFT_DYNSET_OP_ADD; }
| UPDATE { $$ = NFT_DYNSET_OP_UPDATE; }
+ | DELETE { $$ = NFT_DYNSET_OP_DELETE; }
;
map_stmt : set_stmt_op symbol_expr '{' set_elem_expr_stmt COLON set_elem_expr_stmt '}'
const char * const set_stmt_op_names[] = {
[NFT_DYNSET_OP_ADD] = "add",
[NFT_DYNSET_OP_UPDATE] = "update",
+ [NFT_DYNSET_OP_DELETE] = "delete",
};
static void set_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
projects / thirdparty / nftables.git / commitdiff
