diff options
author | Florian Westphal <fw@strlen.de> | 2023-08-02 17:47:14 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-08-03 13:06:19 +0200 |
commit | 5c25c5a35cbd27911d233efd01efcb9be35c85af (patch) | |
tree | 8aa679c74461357dec26e930ee476b86d24668c3 /src/rule.c | |
parent | a8260c056a69aaca33d6604079ebac3d07d2551c (diff) |
parser: allow ct timeouts to use time_spec values
For some reason the parser only allows raw numbers (seconds)
for ct timeouts, e.g.
ct timeout ttcp {
protocol tcp;
policy = { syn_sent : 3, ...
Also permit time_spec, e.g. "established : 5d".
Print the nicer time formats on output, but retain
raw numbers support on input for compatibility.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -1684,11 +1684,14 @@ static void print_proto_timeout_policy(uint8_t l4, const uint32_t *timeout, nft_print(octx, "%s%spolicy = { ", opts->tab, opts->tab); for (i = 0; i < timeout_protocol[l4].array_size; i++) { if (timeout[i] != timeout_protocol[l4].dflt_timeout[i]) { + uint64_t timeout_ms; + if (comma) nft_print(octx, ", "); - nft_print(octx, "%s : %u", - timeout_protocol[l4].state_to_name[i], - timeout[i]); + timeout_ms = timeout[i] * 1000u; + nft_print(octx, "%s : ", + timeout_protocol[l4].state_to_name[i]); + time_print(timeout_ms, octx); comma = true; } } |