diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-03-23 21:34:57 +0000 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2015-04-12 19:59:27 +0100 |
| commit | 38a077f7af8a2151b565e3cb324901b48afd299e (patch) | |
| tree | fd119cd653996dbb421f2d0f8450d167bc213cbb /include | |
| parent | 52532335290457cc449564b7e011f73bef3a83e2 (diff) | |
set: add timeout support for sets
Timeout support can be enabled in one of two ways:
1. Using a default timeout value:
set test {
type ipv4_addr;
timeout 1h;
}
2. Using the timeout flag without a default:
set test {
type ipv4_addr;
flags timeout;
}
Optionally a garbage collection interval can be specified using
gc-interval <interval>;
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 6 | ||||
| -rw-r--r-- | include/rule.h | 5 |
2 files changed, 11 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 832bc46d..8671505e 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -207,12 +207,14 @@ enum nft_rule_compat_attributes { * @NFT_SET_CONSTANT: set contents may not change while bound * @NFT_SET_INTERVAL: set contains intervals * @NFT_SET_MAP: set is used as a dictionary + * @NFT_SET_TIMEOUT: set uses timeouts */ enum nft_set_flags { NFT_SET_ANONYMOUS = 0x1, NFT_SET_CONSTANT = 0x2, NFT_SET_INTERVAL = 0x4, NFT_SET_MAP = 0x8, + NFT_SET_TIMEOUT = 0x10, }; /** @@ -251,6 +253,8 @@ enum nft_set_desc_attributes { * @NFTA_SET_POLICY: selection policy (NLA_U32) * @NFTA_SET_DESC: set description (NLA_NESTED) * @NFTA_SET_ID: uniquely identifies a set in a transaction (NLA_U32) + * @NFTA_SET_TIMEOUT: default timeout value (NLA_U64) + * @NFTA_SET_GC_INTERVAL: garbage collection interval (NLA_U32) */ enum nft_set_attributes { NFTA_SET_UNSPEC, @@ -264,6 +268,8 @@ enum nft_set_attributes { NFTA_SET_POLICY, NFTA_SET_DESC, NFTA_SET_ID, + NFTA_SET_TIMEOUT, + NFTA_SET_GC_INTERVAL, __NFTA_SET_MAX }; #define NFTA_SET_MAX (__NFTA_SET_MAX - 1) diff --git a/include/rule.h b/include/rule.h index 97959f7b..5d445993 100644 --- a/include/rule.h +++ b/include/rule.h @@ -173,6 +173,7 @@ enum set_flags { SET_F_CONSTANT = 0x2, SET_F_INTERVAL = 0x4, SET_F_MAP = 0x8, + SET_F_TIMEOUT = 0x10, }; /** @@ -183,6 +184,8 @@ enum set_flags { * @location: location the set was defined/declared at * @refcnt: reference count * @flags: bitmask of set flags + * @gc_int: garbage collection interval + * @timeout: default timeout value * @keytype: key data type * @keylen: key length * @datatype: mapping data type @@ -197,6 +200,8 @@ struct set { struct location location; unsigned int refcnt; uint32_t flags; + uint32_t gc_int; + uint64_t timeout; const struct datatype *keytype; unsigned int keylen; const struct datatype *datatype; |