From 284c038ef4c69d042ef91272d90c143019ecea1f Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Mon, 12 Dec 2022 11:04:35 +0100 Subject: netlink_linearize: fix timeout with map updates Map updates can use timeouts, just like with sets, but the linearization step did not pass this info to the kernel. meta l4proto tcp update @pinned { ip saddr . ct original proto-src timeout 90s : ip daddr . tcp dport Listing this won't show the "timeout 90s" because kernel never saw it to begin with. Also update evaluation step to reject a timeout that was set on the data part: Timeouts are only allowed for the key-value pair as a whole. Signed-off-by: Florian Westphal --- src/evaluate.c | 3 +++ src/netlink_linearize.c | 4 ++++ 2 files changed, 7 insertions(+) (limited to 'src') diff --git a/src/evaluate.c b/src/evaluate.c index d0279e33..c04cb91d 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3898,6 +3898,9 @@ static int stmt_evaluate_map(struct eval_ctx *ctx, struct stmt *stmt) if (stmt->map.data->comment != NULL) return expr_error(ctx->msgs, stmt->map.data, "Data expression comments are not supported"); + if (stmt->map.data->timeout > 0) + return expr_error(ctx->msgs, stmt->map.data, + "Data expression timeouts are not supported"); list_for_each_entry(this, &stmt->map.stmt_list, list) { if (stmt_evaluate(ctx, this) < 0) diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index c8bbcb74..6de0a969 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -1520,6 +1520,10 @@ static void netlink_gen_map_stmt(struct netlink_linearize_ctx *ctx, nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id); nft_rule_add_expr(ctx, nle, &stmt->location); + if (stmt->map.key->timeout > 0) + nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT, + stmt->map.key->timeout); + list_for_each_entry(this, &stmt->map.stmt_list, list) num_stmts++; -- cgit v1.2.3