From 7b5248972d9f2122c7b3683ca205d3165e7a9255 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 19 Mar 2015 13:34:18 +0000 Subject: setelem: add timeout support for set elements Support specifying per element timeout values and displaying the expiration time. If an element should not use the default timeout value of the set, an element specific value can be specified as follows: # nft add element filter test { 192.168.0.1, 192.168.0.2 timeout 10m} For listing of elements that use the default timeout value, just the expiration time is shown, otherwise the element specific timeout value is also displayed: set test { type ipv4_addr timeout 1h elements = { 192.168.0.2 timeout 10m expires 9m59s, 192.168.0.1 expires 59m59s} } Signed-off-by: Patrick McHardy --- include/linux/netfilter/nf_tables.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/linux/netfilter') diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 8671505e..6894ba33 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -289,12 +289,16 @@ enum nft_set_elem_flags { * @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data) * @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes) * @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32) + * @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64) + * @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64) */ enum nft_set_elem_attributes { NFTA_SET_ELEM_UNSPEC, NFTA_SET_ELEM_KEY, NFTA_SET_ELEM_DATA, NFTA_SET_ELEM_FLAGS, + NFTA_SET_ELEM_TIMEOUT, + NFTA_SET_ELEM_EXPIRATION, __NFTA_SET_ELEM_MAX }; #define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1) -- cgit v1.2.3