netlink_linearize: fix timeout with map updates

Map updates can use timeouts, just like with sets, but the linearization step did not pass this info to the kernel. meta l4proto tcp update @pinned { ip saddr . ct original proto-src timeout 90s : ip daddr . tcp dport Listing this won't show the "timeout 90s" because kernel never saw it to begin with. Also update evaluation step to reject a timeout that was set on the data part: Timeouts are only allowed for the key-value pair as a whole. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2022-12-12 11:04:35 +0100
committer: Florian Westphal <fw@strlen.de> 2022-12-12 17:36:10 +0100
commit: 284c038ef4c69d042ef91272d90c143019ecea1f (patch)
tree: b48fb0ef1e502660beb1d845011fdb091c6fa748 /src/netlink_linearize.c
parent: db59a5c1204c9246a82a115a8761f15809578479 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index c8bbcb74..6de0a969 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1520,6 +1520,10 @@ static void netlink_gen_map_stmt(struct netlink_linearize_ctx *ctx,
 	nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id);
 	nft_rule_add_expr(ctx, nle, &stmt->location);
 
+	if (stmt->map.key->timeout > 0)
+		nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
+				   stmt->map.key->timeout);
+
 	list_for_each_entry(this, &stmt->map.stmt_list, list)
 		num_stmts++;
author	Florian Westphal <fw@strlen.de>	2022-12-12 11:04:35 +0100
committer	Florian Westphal <fw@strlen.de>	2022-12-12 17:36:10 +0100
commit	284c038ef4c69d042ef91272d90c143019ecea1f (patch)
tree	b48fb0ef1e502660beb1d845011fdb091c6fa748 /src/netlink_linearize.c
parent	db59a5c1204c9246a82a115a8761f15809578479 (diff)