# nft add table test
# nft add set test myset { type ipv4_addr\; flags interval\; }
# nft add element test myset { 1.2.3.0/24 }
Then the listing shows:
set myset2 {
type ipv4_addr
flags interval
elements = { 1.2.3.0/24}
}
This patch relies on the table and set caches.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=994
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/rule.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index bc9042f..8c9e8e8 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -769,10 +769,26 @@ static int do_add_chain(struct netlink_ctx *ctx, const struct handle *h,
}
static int do_add_setelems(struct netlink_ctx *ctx, const struct handle *h,
- const struct expr *expr)
+ struct expr *expr)
{
+ struct table *table;
+ struct set *set;
+
+ table = table_lookup(h);
+ if (table == NULL)
+ return -1;
+
+ set = set_lookup(table, h->set);
+ if (set == NULL)
+ return -1;
+
+ if (set->flags & SET_F_INTERVAL &&
+ set_to_intervals(ctx->msgs, set, expr) < 0)
+ return -1;
+
if (netlink_add_setelems(ctx, h, expr) < 0)
return -1;
+
return 0;
}
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
