diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-03-26 13:10:19 +0000 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-09 14:38:24 +0200 |
| commit | b1e6bc9cbffd7a3657734cc7b39f771c74d587c2 (patch) | |
| tree | a2d12a23f09655e141130674b5458737adbde371 /include | |
| parent | ebda8da3b5cf01ad79a51a890c78d226586f842d (diff) | |
set: add support for set timeouts
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/libnftnl/set.h | 4 | ||||
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 6 | ||||
| -rw-r--r-- | include/set.h | 2 |
3 files changed, 12 insertions, 0 deletions
diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h index 55a47b0..5c4109f 100644 --- a/include/libnftnl/set.h +++ b/include/libnftnl/set.h @@ -20,6 +20,8 @@ enum { NFT_SET_ATTR_ID, NFT_SET_ATTR_POLICY, NFT_SET_ATTR_DESC_SIZE, + NFT_SET_ATTR_TIMEOUT, + NFT_SET_ATTR_GC_INTERVAL, __NFT_SET_ATTR_MAX }; #define NFT_SET_ATTR_MAX (__NFT_SET_ATTR_MAX - 1) @@ -37,6 +39,7 @@ void nft_set_attr_set(struct nft_set *s, uint16_t attr, const void *data); void nft_set_attr_set_data(struct nft_set *s, uint16_t attr, const void *data, uint32_t data_len); void nft_set_attr_set_u32(struct nft_set *s, uint16_t attr, uint32_t val); +void nft_set_attr_set_u64(struct nft_set *s, uint16_t attr, uint64_t val); void nft_set_attr_set_str(struct nft_set *s, uint16_t attr, const char *str); const void *nft_set_attr_get(struct nft_set *s, uint16_t attr); @@ -44,6 +47,7 @@ const void *nft_set_attr_get_data(struct nft_set *s, uint16_t attr, uint32_t *data_len); const char *nft_set_attr_get_str(struct nft_set *s, uint16_t attr); uint32_t nft_set_attr_get_u32(struct nft_set *s, uint16_t attr); +uint64_t nft_set_attr_get_u64(struct nft_set *s, uint16_t attr); struct nlmsghdr; diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 832bc46..8671505 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -207,12 +207,14 @@ enum nft_rule_compat_attributes { * @NFT_SET_CONSTANT: set contents may not change while bound * @NFT_SET_INTERVAL: set contains intervals * @NFT_SET_MAP: set is used as a dictionary + * @NFT_SET_TIMEOUT: set uses timeouts */ enum nft_set_flags { NFT_SET_ANONYMOUS = 0x1, NFT_SET_CONSTANT = 0x2, NFT_SET_INTERVAL = 0x4, NFT_SET_MAP = 0x8, + NFT_SET_TIMEOUT = 0x10, }; /** @@ -251,6 +253,8 @@ enum nft_set_desc_attributes { * @NFTA_SET_POLICY: selection policy (NLA_U32) * @NFTA_SET_DESC: set description (NLA_NESTED) * @NFTA_SET_ID: uniquely identifies a set in a transaction (NLA_U32) + * @NFTA_SET_TIMEOUT: default timeout value (NLA_U64) + * @NFTA_SET_GC_INTERVAL: garbage collection interval (NLA_U32) */ enum nft_set_attributes { NFTA_SET_UNSPEC, @@ -264,6 +268,8 @@ enum nft_set_attributes { NFTA_SET_POLICY, NFTA_SET_DESC, NFTA_SET_ID, + NFTA_SET_TIMEOUT, + NFTA_SET_GC_INTERVAL, __NFTA_SET_MAX }; #define NFTA_SET_MAX (__NFTA_SET_MAX - 1) diff --git a/include/set.h b/include/set.h index 29b9ce5..008ed6e 100644 --- a/include/set.h +++ b/include/set.h @@ -22,6 +22,8 @@ struct nft_set { struct list_head element_list; uint32_t flags; + uint32_t gc_interval; + uint64_t timeout; }; struct nft_set_list; |