New prefered syntax is:
{add,update} set { key } @name
# nft list ruleset
table ip x {
set y {
type ipv4_addr
}
chain y {
ip protocol tcp add set { ip saddr} @y
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/parser_bison.y | 7 +++++++
src/statement.c | 4 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 6fba7e59555c..e5573a208d45 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2713,6 +2713,13 @@ set_stmt : SET set_stmt_op set_elem_expr_stmt symbol_expr
$$->set.key = $3;
$$->set.set = $4;
}
+ | set_stmt_op SET '{' set_elem_expr_stmt '}' symbol_expr
+ {
+ $$ = set_stmt_alloc(&@$);
+ $$->set.op = $1;
+ $$->set.key = $4;
+ $$->set.set = $6;
+ }
;
set_stmt_op : ADD { $$ = NFT_DYNSET_OP_ADD; }
diff --git a/src/statement.c b/src/statement.c
index 61ba643becc3..41fa24f1d4df 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -615,9 +615,9 @@ static const char * const set_stmt_op_names[] = {
static void set_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
{
- nft_print(octx, "set %s ", set_stmt_op_names[stmt->set.op]);
+ nft_print(octx, "%s set { ", set_stmt_op_names[stmt->set.op]);
expr_print(stmt->set.key, octx);
- nft_print(octx, " ");
+ nft_print(octx, "} ");
expr_print(stmt->set.set, octx);
}
--
2.11.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
