parser: allow ct timeouts to use time_spec values

For some reason the parser only allows raw numbers (seconds) for ct timeouts, e.g. ct timeout ttcp { protocol tcp; policy = { syn_sent : 3, ... Also permit time_spec, e.g. "established : 5d". Print the nicer time formats on output, but retain raw numbers support on input for compatibility. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2023-08-02 17:47:14 +0200
committer: Florian Westphal <fw@strlen.de> 2023-08-03 13:06:19 +0200
commit: 5c25c5a35cbd27911d233efd01efcb9be35c85af (patch)
tree: 8aa679c74461357dec26e930ee476b86d24668c3 /src/rule.c
parent: a8260c056a69aaca33d6604079ebac3d07d2551c (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/src/rule.c b/src/rule.c
index 4e60c1e6..99c4f0bb 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1684,11 +1684,14 @@ static void print_proto_timeout_policy(uint8_t l4, const uint32_t *timeout,
 	nft_print(octx, "%s%spolicy = { ", opts->tab, opts->tab);
 	for (i = 0; i < timeout_protocol[l4].array_size; i++) {
 		if (timeout[i] != timeout_protocol[l4].dflt_timeout[i]) {
+			uint64_t timeout_ms;
+
 			if (comma)
 				nft_print(octx, ", ");
-			nft_print(octx, "%s : %u",
-				  timeout_protocol[l4].state_to_name[i],
-				  timeout[i]);
+			timeout_ms = timeout[i] * 1000u;
+			nft_print(octx, "%s : ",
+				  timeout_protocol[l4].state_to_name[i]);
+			time_print(timeout_ms, octx);
 			comma = true;
 		}
 	}
author	Florian Westphal <fw@strlen.de>	2023-08-02 17:47:14 +0200
committer	Florian Westphal <fw@strlen.de>	2023-08-03 13:06:19 +0200
commit	5c25c5a35cbd27911d233efd01efcb9be35c85af (patch)
tree	8aa679c74461357dec26e930ee476b86d24668c3 /src/rule.c
parent	a8260c056a69aaca33d6604079ebac3d07d2551c (diff)