diff options
| author | Laura Garcia Liebana <nevola@gmail.com> | 2019-06-17 18:15:41 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-28 18:53:29 +0200 |
| commit | 24f33c710e8ce2fa93573573409d428236c2f6cb (patch) | |
| tree | d133d71cd7450607105c93dea2e2251ec788f5f0 /src | |
| parent | 2bb7528878c9571d629208d18acf338f2e7b2839 (diff) | |
src: enable set expiration date for set elements
Currently, the expiration of every element in a set or map
is a read-only parameter generated at kernel side.
This change will permit to set a certain expiration date
per element that will be required, for example, during
stateful replication among several nodes.
This patch will enable the _expires_ input parameter in
the parser and propagate NFTNL_SET_ELEM_EXPIRATION in
order to send the configured value.
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/netlink.c | 3 | ||||
| -rw-r--r-- | src/parser_bison.y | 5 | ||||
| -rw-r--r-- | src/scanner.l | 1 |
3 files changed, 9 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c index 24d8f03a..97eb082c 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -122,6 +122,9 @@ static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set, if (elem->timeout) nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_TIMEOUT, elem->timeout); + if (elem->expiration) + nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_EXPIRATION, + elem->expiration); if (elem->comment || expr->elem_flags) { udbuf = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN); if (!udbuf) diff --git a/src/parser_bison.y b/src/parser_bison.y index 670e91f5..4f2e3475 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -255,6 +255,7 @@ int nft_lex(void *, void *, void *); %token TIMEOUT "timeout" %token GC_INTERVAL "gc-interval" %token ELEMENTS "elements" +%token EXPIRES "expires" %token POLICY "policy" %token MEMORY "memory" @@ -3367,6 +3368,10 @@ set_elem_option : TIMEOUT time_spec { $<expr>0->timeout = $2; } + | EXPIRES time_spec + { + $<expr>0->expiration = $2; + } | comment_spec { $<expr>0->comment = $1; diff --git a/src/scanner.l b/src/scanner.l index d1f6e879..b46b25e7 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -302,6 +302,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "timeout" { return TIMEOUT; } "gc-interval" { return GC_INTERVAL; } "elements" { return ELEMENTS; } +"expires" { return EXPIRES; } "policy" { return POLICY; } "size" { return SIZE; } |