On Thu, Mar 15, 2018 at 09:23:21AM +0100, Laura Garcia Liebana wrote:
> The support of dynamic adds and updates are only available for sets
> and meters. This patch gives such abilities to maps as well.
>
> This patch is useful in cases where dynamic population of maps are
> required, for example, to maintain a persistence during some period
> of time.
>
> Example:
>
> table ip nftlb {
> map persistencia {
> type ipv4_addr : mark
> timeout 1h
> elements = { 192.168.1.132 expires 59m55s : 0x00000064,
> 192.168.56.101 expires 59m24s : 0x00000065 }
> }
>
> chain pre {
> type nat hook prerouting priority 0; policy accept;
> map update \
> { @nh,96,32 : numgen inc mod 2 offset 100 } @persistencia
Not related to this patch, but this reminds me I think it would be
good if we place curly braces around the key in set updates:
set update { ip saddr } @x
> }
> }
>
> An example of the netlink generated sequence:
>
> nft --debug=netlink add rule ip nftlb pre map add \
> { ip saddr : numgen inc mod 2 offset 100 } @persistencia
> ip nftlb pre
> [ payload load 4b @ network header + 12 => reg 1 ]
> [ numgen reg 2 = inc mod 2 offset 100 ]
> [ dynset add reg_key 1 set persistencia sreg_data 2 ]
Applied, thanks Laura.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
