[PATCH nft] src: enable set expiration date for set elements

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft] src: enable set expiration date for set elements
@ 2019-06-17 16:15 nevola
  2019-06-28 16:47 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: nevola @ 2019-06-17 16:15 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel

Currently, the expiration of every element in a set or map
is a read-only parameter generated at kernel side.

This change will permit to set a certain expiration date
per element that will be required, for example, during
stateful replication among several nodes.

This patch will enable the _expires_ input parameter in
the parser and propagate NFTNL_SET_ELEM_EXPIRATION in
order to send the configured value.

Signed-off-by: nevola <laura.garcia@zevenet.com>
---
 src/netlink.c      | 3 +++
 src/parser_bison.y | 5 +++++
 src/scanner.l      | 1 +
 3 files changed, 9 insertions(+)

diff --git a/src/netlink.c b/src/netlink.c
index a6d81b4..40dc41a 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -122,6 +122,9 @@ static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set,
 	if (elem->timeout)
 		nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_TIMEOUT,
 				       elem->timeout);
+	if (elem->expiration)
+		nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_EXPIRATION,
+				       elem->expiration);
 	if (elem->comment || expr->elem_flags) {
 		udbuf = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN);
 		if (!udbuf)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 1c0b60c..f732350 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -255,6 +255,7 @@ int nft_lex(void *, void *, void *);
 %token TIMEOUT			"timeout"
 %token GC_INTERVAL		"gc-interval"
 %token ELEMENTS			"elements"
+%token EXPIRES			"expires"
 
 %token POLICY			"policy"
 %token MEMORY			"memory"
@@ -3367,6 +3368,10 @@ set_elem_option		:	TIMEOUT			time_spec
 			{
 				$<expr>0->timeout = $2;
 			}
+			|	EXPIRES		time_spec
+			{
+				$<expr>0->expiration = $2;
+			}
 			|	comment_spec
 			{
 				$<expr>0->comment = $1;
diff --git a/src/scanner.l b/src/scanner.l
index d1f6e87..b46b25e 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -302,6 +302,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "timeout"		{ return TIMEOUT; }
 "gc-interval"		{ return GC_INTERVAL; }
 "elements"		{ return ELEMENTS; }
+"expires"		{ return EXPIRES; }
 
 "policy"		{ return POLICY; }
 "size"			{ return SIZE; }
-- 
2.11.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH nft] src: enable set expiration date for set elements
  2019-06-17 16:15 [PATCH nft] src: enable set expiration date for set elements nevola
@ 2019-06-28 16:47 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2019-06-28 16:47 UTC (permalink / raw)
  To: nevola; +Cc: netfilter-devel

On Mon, Jun 17, 2019 at 06:15:41PM +0200, nevola wrote:
> Currently, the expiration of every element in a set or map
> is a read-only parameter generated at kernel side.
> 
> This change will permit to set a certain expiration date
> per element that will be required, for example, during
> stateful replication among several nodes.
> 
> This patch will enable the _expires_ input parameter in
> the parser and propagate NFTNL_SET_ELEM_EXPIRATION in
> order to send the configured value.

Applied, thanks Laura.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-06-28 16:47 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-06-17 16:15 [PATCH nft] src: enable set expiration date for set elements nevola
2019-06-28 16:47 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).