netlink_linearize: fix timeout with map updates

Map updates can use timeouts, just like with sets, but the
linearization step did not pass this info to the kernel.

meta l4proto tcp update @pinned { ip saddr . ct original proto-src timeout 90s : ip daddr . tcp dport

Listing this won't show the "timeout 90s" because kernel never saw it to
begin with.

Also update evaluation step to reject a timeout that was set on
the data part: Timeouts are only allowed for the key-value pair
as a whole.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/evaluate.c b/src/evaluate.c
index d0279e335a4e3cdb2aee04ab50594dbbab38e33d..c04cb91d3919167ba891ac107dd23d76fb9bfb5c 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3898,6 +3898,9 @@ static int stmt_evaluate_map(struct eval_ctx *ctx, struct stmt *stmt)
        if (stmt->map.data->comment != NULL)
                return expr_error(ctx->msgs, stmt->map.data,
                                  "Data expression comments are not supported");
+       if (stmt->map.data->timeout > 0)
+               return expr_error(ctx->msgs, stmt->map.data,
+                                 "Data expression timeouts are not supported");
 
        list_for_each_entry(this, &stmt->map.stmt_list, list) {
                if (stmt_evaluate(ctx, this) < 0)

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index c8bbcb7452b051bc166505b8aa6aec2d04b0e5e3..6de0a969c080fe66bd8d9c3ca061807a649b61e2 100644 (file)
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1520,6 +1520,10 @@ static void netlink_gen_map_stmt(struct netlink_linearize_ctx *ctx,
        nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id);
        nft_rule_add_expr(ctx, nle, &stmt->location);
 
+       if (stmt->map.key->timeout > 0)
+               nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
+                                  stmt->map.key->timeout);
+
        list_for_each_entry(this, &stmt->map.stmt_list, list)
                num_stmts++;